September 20, 2024 at 07:39AM Traditional privileged access management (PAM) solutions struggle to effectively handle SSH keys, which functionally differ from passwords. SSH keys outnumber passwords and grant widespread access, yet aren’t managed centrally, posing a security risk. Modern ephemeral access solutions bypass the need to manage passwords or keys, offering improved security and reduced … Read more
April 28, 2024 at 10:52PM Businesses in the 2020s face the challenge of securing digital estates with outdated security concepts, leading to an increasing vulnerability to attackers. This is primarily driven by the exploitation of stolen credentials, phishing, and vulnerabilities. However, SSH Communications Security offers the PrivX Zero Trust Suite to address these issues through … Read more
March 28, 2024 at 08:29AM The Tech Tip suggests that you can continue using SSH keys while protecting your system from CVE-2023-48795. It provides guidance on enhancing system security without the need to discontinue SSH key usage. Based on the meeting notes, the clear takeaway is that it is not necessary to stop using SSH … Read more
February 22, 2024 at 10:51AM The open-source pentesting tool SSH-Snake has been used to steal SSH credentials from approximately 100 organizations, leading to worm-like attacks on networks. Developed by Joshua Rogers, the tool maps network dependencies and enables hackers to compromise systems. Despite being used for malicious purposes, its fileless and self-replicating nature makes it … Read more
February 21, 2024 at 03:32PM SSH-Snake, an open-source network mapping tool, is being used by a threat actor to stealthily search for private keys and move laterally through victim infrastructure. It was discovered by Sysdig’s Threat Research Team, who describe it as a self-modifying worm that avoids typical detection patterns, making it a more efficient … Read more
January 23, 2024 at 01:05PM Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encrypted SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key … Read more
November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing … Read more