New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

August 15, 2024 at 01:57AM Cybersecurity researchers have identified a new variant of the Gafgyt botnet that targets devices with weak SSH passwords, employing their GPU computational power to mine cryptocurrency. This variant specifically aims at cloud native environments, expanding its scale by exploiting poorly secured servers and propagating the malware. The botnet employs the …

400K Linux Servers Recruited by Resurrected Ebury Botnet

May 17, 2024 at 12:09PM The Ebury botnet, operating for 15 years, has compromised numerous servers, targeting universities, enterprises, and cryptocurrency traders. It employs tactics to steal credentials, intercept SSH traffic, and pivot towards credit card and cryptocurrency theft. Despite the imprisonment of a key perpetrator, Ebury’s operators remain active and pose ongoing challenges for …

Citrix warns admins to manually mitigate PuTTY SSH client bug

May 9, 2024 at 03:31PM Citrix warned customers about a PuTTY SSH client vulnerability affecting XenCenter, allowing attackers to steal an admin’s private SSH key. The flaw, tracked as CVE-2024-31497, impacts multiple XenCenter versions for Citrix Hypervisor 8.2. The PuTTY component has been removed in XenCenter 8.2.6, and customers are advised to download the latest …

Critical PuTTY Vulnerability Allows Secret Key Recovery

April 16, 2024 at 12:54PM PuTTY developers released an update to patch a critical vulnerability allowing recovery of secret keys. The vulnerability affects versions 0.68 through 0.80, with PuTTY 0.81 fixing the issue. Affected keys, including those used by products like FileZilla and WinSCP, must be revoked immediately. Researchers warned of the potential for key …

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

March 30, 2024 at 01:51AM Red Hat issued an urgent security alert about backdoored versions of the XZ Utils data compression library, impacting versions 5.6.0 and 5.6.1. The compromised code interferes with the sshd daemon process and could allow unauthorized remote access under specific circumstances. Microsoft researcher Andres Freund discovered the issue, prompting GitHub to disable …

Red Hat warns of backdoor in XZ tools used by most Linux distros

March 29, 2024 at 01:55PM Red Hat issues an urgent warning regarding a backdoor discovered in the latest XZ Utils data compression tools and libraries in Fedora development versions. The malicious code, assigned a 10/10 critical severity score, compromises sshd authentication, potentially allowing unauthorized remote system access. Users are advised to revert to an uncompromised version and monitor …

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management

February 28, 2024 at 05:45AM Traditional perimeter-based security is no longer effective, leading to a greater emphasis on communication security and the management of superusers. SSH Communications Security aims to bridge the gap between traditional PAM and IdM solutions. The future of cybersecurity is envisioned as a Zero Trust model, embracing borderless, passwordless, keyless, and …

Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

February 22, 2024 at 10:51AM The open-source pentesting tool SSH-Snake has been used to steal SSH credentials from approximately 100 organizations, leading to worm-like attacks on networks. Developed by Joshua Rogers, the tool maps network dependencies and enables hackers to compromise systems. Despite being used for malicious purposes, its fileless and self-replicating nature makes it …

Terrapin attacks can downgrade security of OpenSSH connections

December 19, 2023 at 12:04PM The Terrapin attack manipulates SSH handshake sequence numbers to sabotage channel integrity, downgrading encryption and allowing message modification in OpenSSH 9.5. It exploits transport layer protocol weaknesses and newer cryptographic algorithms, impacting a majority of SSH implementations. The MiTM requirement makes its threat less severe, with mitigation efforts underway. The …

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

November 27, 2023 at 08:30AM Passive network attackers can obtain private RSA host keys from a vulnerable SSH server by observing computational faults during connection establishment, according to a new study. These attackers can then intercept sensitive data and conduct adversary-in-the-middle attacks. The research highlights the importance of encrypting protocol handshakes, binding authentication to sessions, …