SSH
Backdoor in XZ Utils That Almost Happened
Bruce Schneier | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
XZ Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have ...
Latest OpenPubkey Project Initiative Makes SSH More Secure
The OpenPubkey project shared an OIDC-based mechanism for remotely logging into IT environments that makes authentication using SSH certificates more secure ...
Security Boulevard
SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec
Richi Jennings | Authentication, CBC, ChaCha20, chaves ssh, CVE-2023-48795, libSSH, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attack prevention, mitm attacks, openssh, OpenSSH protocol, SB Blogwatch, SSH, Terrapin
Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...
Security Boulevard
New SSH Vulnerability
This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally ...
Cado Security Report Surfaces Most Common Cyberattack Vectors
A Cado Security analysis of cyberattack patterns found nearly every instance of an opportunistic attack started with a scan for vulnerabilities within SSH ...
Security Boulevard
After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week ...
Security Boulevard
Extending NDR visibility in AWS IaaS
Vijit Nair | Amazon GuardDuty, aws, dns, ec2, IaaS, NDR, network security monitoring, partnership, Product, SIEM, SSH, SSL-TLS, SUNBURST, Suricata, VPC traffic mirroring, Zeek
By Vijit Nair, Sr. Director, Product Management, Corelight
Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams ...
Securing SSH Keys in Multicloud Operations
Secure Shell, or SSH, keys have become a go-to authentication tool, especially as we continue to adopt and adapt to distributed IT and remote working environments that demand robust access controls. But ...
Security Boulevard
Guardicore Discovers SSH Targeting Botnet: Telecom Infrastructure A Target (Along With Financial Systems)
Via Ophir Harpaz, writing at the Guardicore Blog, comes highly concerning news of a nascent SSH botnet discovery by the security professionals at Guardicore, dubbed FritzFrog. Today's Must Read! ...