SSH

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...

The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have ...

The OpenPubkey project shared an OIDC-based mechanism for remotely logging into IT environments that makes authentication using SSH certificates more secure ...

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally ...

A Cado Security analysis of cyberattack patterns found nearly every instance of an opportunistic attack started with a scan for vulnerabilities within SSH ...

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week ...

By Vijit Nair, Sr. Director, Product Management, Corelight Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams ...

Secure Shell, or SSH, keys have become a go-to authentication tool, especially as we continue to adopt and adapt to distributed IT and remote working environments that demand robust access controls. But ...

via Ophir Harpaz, writing at the Guardicore Blog comes highly concerning news of a nascent SSH botnet discovery by the security professionals at Guardicore, dubbed FritzFrog. Today's Must Read! ...