Sunil Gottumukkala’s Post

CEO, Cofounder | Averlon

Critical find by Qualys. There is already a POC on the GitHub and detection is going to be not fun. 😬 Affected OpenSSH versions: OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109. Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure. The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function. OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Sumedh Thakar

More original research by Qualys Threat Research Unit (TRU) discovering an Unauthenticated Remotely exploitable vulnerability in OpenSSH. We already see millions of instances of the affected versions that are internet facing. Please patch/mitigate ASAP before attackers develop an exploit. 🔑 🛡️Key Characteristics of RegreSSHion CVE-2024-6387: - Remotely exploitable - No authentication needed - Allows arbitrary code execution - Grants full root privileges - Requires no user interaction - Affects the default configuration #qualys #vulnerabilitymanagement https://lnkd.in/gZiEnE4Y

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog

blog.qualys.com

To view or add a comment, sign in

More Relevant Posts

Sunil Gottumukkala

CEO, Cofounder | Averlon
4w
Report this post
Insightful article by Ray Fernandez on the impact of AI in cybercrime, identity breaches and red teaming https://lnkd.in/g-EchhZk

How Cybercriminals Think in 2024 — What We Have Learned

https://www.techopedia.com
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
1mo Edited
Report this post
Great story by Taylor Soper with GeekWire on Averlon's seed funding. AI is poised to provide asymmetric advantage to defenders in the long term, and it's our responsibility to drive this innovation forward. Check out the article here: https://lnkd.in/gQAXm7sJ

Salesforce, Microsoft vets raise $8M for new AI cybersecurity startup

geekwire.com

43 Comments
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
1mo Edited
Report this post
Today is an exciting day! Averlon is coming out of stealth with $8M seed funding led by Voyager Capital with participation from Salesforce Ventures and Outpost Ventures, along with several prominent CISOs and industry leaders. This latest investment brings our total funding to $10.5M. 🌟 As cyber-attacks grow more sophisticated with AI, it's critical for organizations to anticipate where and how attackers will strike. And yet, the reality is most CISOs don’t feel prepared for today’s threats. Vishal Agarwal and I knew we needed a novel approach to address this. Introducing Averlon, the first platform providing customers with a holistic way to understand, predict, and prevent cloud security attacks. In contrast to traditional tools that inundate teams with reactive alerts, our AI-powered platform pinpoints specific cloud security issues that pave the way for real-world attacks. Averlon's foundation is built on three pillars: Panoptic Visibility: Provide security teams with deep visibility into the cloud environment. Predictive Attack Intelligence: Proactively predict the actions of attackers and identify end to end attack chains. Rapid Remediation: Help security and engineer teams in eliminating attack chains by deploying surgical fixes. We're thrilled to introduce Averlon to the world! I am incredibly proud of our Averlon team who made this happen in such a short time. I'm grateful to be working with this team and we're lucky to have the support of incredible early customers, investors and advisors. And we are just getting started. Let's go! Read our blog post here with more details on Averlon's vision, story and early momentum https://lnkd.in/gwWAGgpp #startup #cybersecurity #cloudsecurity
120 Comments
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
1mo
Report this post
Heading to SW2 Conference in Denver after a great time at RSA Conference last week! Excited to share my thoughts on how AI is reshaping Cloud Security during my talk. If you're attending the conference, come say hi! #SW2Conference #CloudSecurity #AI
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
2mo
Report this post
Looking forward to the RSA Conference tomorrow, especially to meet friends and customers. Ping me if you are attending and would like to connect
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
2mo
Report this post
Congratulations Kinnaird McQuade George Prince & team!
NightVision

1,679 followers
2mo Edited

𝐀 𝐃𝐢𝐬𝐫𝐮𝐩𝐭𝐢𝐯𝐞 𝐂𝐡𝐚𝐧𝐠𝐞 𝐢𝐧 𝐒𝐨𝐟𝐭𝐰𝐚𝐫𝐞 𝐓𝐞𝐬𝐭𝐢𝐧𝐠 𝐢𝐬 𝐂𝐨𝐦𝐢𝐧𝐠! 𝑁𝑖𝑔ℎ𝑡𝑉𝑖𝑠𝑖𝑜𝑛 𝑆𝑒𝑐𝑢𝑟𝑒𝑠 $5.4 𝑀𝑖𝑙𝑙𝑖𝑜𝑛 𝑖𝑛 𝑆𝑒𝑒𝑑 𝐹𝑢𝑛𝑑𝑖𝑛𝑔 It’s a big day for us at NightVision and for #softwaredevelopment and #cybersecurity teams tired of decades of frustration from their #applicationsecurity testing products. NightVision has raised $5.4 million of seed capital. We thank all of our advisors, investors, and employees who believe in our vision and trust that we will fundamentally change the speed, use, and accuracy of software security testing. Previously elusive, NightVision will empower developers to discover and remediate issues in their environments of choice before the flaws are deployed. This concept of fixing issues early in the software development lifecycle, referred to as "shift left," has been highly sought after. Until now, it has fallen short due to the time and expertise required. NightVision's "good" hacking aims to resolve the dilemma that no developer team can justify the extensive hours imposed by #DAST. With NightVision, #API and Web App Security issues can be detected before production, all at the developer's own pace. We believe that the shortcomings of the application software testing market have hindered the needs of developers and cyber teams. Developers want to be quickly and easily made aware of exploitable vulnerabilities, including precise details on the location and context of the issue. NightVision’s technology offers users a complete solution without friction. Security needs to move at the speed of innovation. Otherwise, security will always be a step behind, allowing hackers, criminals, and nation-states to exploit vulnerabilities for nefarious means. Today marks a significant milestone in the evolution of NightVision. However, the most exciting change is just around the corner when our product is ready for primetime in May! #appsec #securebydesign Kinnaird McQuade George Prince Shaun Murphy Didi Dayton Sateesh Prabakaran John Steven Doug Kimmel Qilong Wang Aidan Steele Jennifer Ceran Hrishikesh Joshi Kathleen DeStefano
2 Comments
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
3mo Edited
Report this post
I still can't get over the fact that the only reason all of our timelines are filled with XZ Utils is because Andres thankfully decided to investigate a perf issue 😬 "After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer" We, as the industry, need to come up with a better strategy here.

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

openwall.com

1 Comment
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
7mo Edited
Report this post
Did anything happen over the weekend? ;)

8 Comments
Like Comment
To view or add a comment, sign in
Sunil Gottumukkala

CEO, Cofounder | Averlon
8mo
Report this post
First LastPass and now 1Password 🤬 https://lnkd.in/gNPBD7qd

1Password detects “suspicious activity” in its internal Okta account

arstechnica.com
Like Comment
To view or add a comment, sign in

3,351 followers

29 Posts

View Profile Follow

Sunil Gottumukkala’s Post

More Relevant Posts

Explore topics