Security News

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs (The Hackers News)
2017-07-06 11:41

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell)...

SSH Configuration on Nexpose Servers Allowed Weak Encryption Algorithms (Threatpost)
2017-06-02 16:46

Rapid7 warned this week that its Nexpose appliances were shipped with a SSH configuration that could have let obsolete algorithms be used for key exchange.

Uber Debuts SSH Key Authentication Module (Threatpost)
2017-02-08 15:30

Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys.

Quickly audit and adjust SSH server configurations with SSH-audit (Help Net Security)
2016-10-14 14:30

SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports OpenSSH, Dropbear SSH...

Old SSH Vulnerability at Center of Credential-Stuffing Attacks (Threatpost)
2016-10-13 15:27

Akamai warns that attackers are compromising IOT devices and using them as proxies to test stolen credentials against web-based applications.

Telnet, SSH prod of death smashes Cisco broadband boxes offline (The Register)
2016-10-12 23:23

Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin (The Register)
2016-09-07 01:03

Private SSH Key, Weak Default Credentials Removed From ExaGrid Appliances (Threatpost)
2016-04-07 15:11

ExaGrid has removed public-private pairings and weak, hardcoded default credentials from its disk-backup appliances.

Cisco warns of 'critical' risks from web bugs and insecure SSH keys (The Register)
2016-04-07 00:01

Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months (The Register)
2016-02-09 23:45