Privileged Access Management SSH Keys passwords SSH hack just-in-time

More IT security headaches for businesses, caused ...

Two more security events occurred, once again caused by having inadequately-secured standing privileges, and unmanaged SSH keys freely roaming around your IT environment. This is exactly why we strongly advocate companies either removing permanent standing privileges (like passwords) or take management of their access credentials (like SSH keys) more seriously.

open source SSH SSH hack threat Secure Shell governance vulnerability

Holy Seeping SCP!

Numerous IT media outlets, including The Register and Hacker News, reported earlier this week that serious vulnerabilities impacting several SCP (Secure Copy Protocol) clients have been discovered by a Finnish IT security researcher Harry Sintonen.

cybersecurity SSH tunneling SSH hack

Cryptomining with the SSH protocol: what big enter...

What is this about - the tech bit Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency. Researchers at Dr.Web found a malicious cryptominer called Monero that is specifically designed for Linux machines.This shell script opens a backdoor for the attacker to execute commands. It is also designed to gain root she...

IoT SSH Keys SSH hack threat

The Chalubo botnet is probing enterprises to explo...

New research from Sophos Labs has uncovered a new sophisticated botnet that targets enterprise SSH servers with an advanced combination of brute force attack and encrypted components. Once the bot has gained access, it’s designed to wreak havoc in enterprise networks via coordinated denial-of-service disruption. Chalubo is remarkable for aiming techniques usually associated with attacks on Windows...

Privileged Access Management open source DevOps SSH hack

libssh vulnerability reminds us SSH is everywhere ...

TL;DR – A vulnerability was reported last week in the libssh open source library. We do not use libssh and are not responsible for it. It does not affect SSH.COM software, like Tectia SSH Server/Client. It does not affect OpenSSH as far as we understand. The vulnerability has been patched quickly. All libssh users are advised to upgrade to libssh 0.7.6 or 0.8.4 to eliminate the vulnerability. Find...

cybersecurity breach SSH Keys SSH hack

Hackers are now scanning for SSH keys to exploit

Servers are under constant siege by hackers and botnets. How are attackers getting into these servers? Servers are typically broken with brute-force password attacks because this is easy when people use passwords like "1234" and "changeMe". The Secure Shell protocol and SSH Keys are ubiquitous in data centers and servers in every corner of the world. What do attackers do when faced with SSH Keys i...


Want to be the first to know about new blog posts?

Fill in you email address and be the first to know about it. 

Subscribe to Email Updates

SSH.COM is one of the most trusted brands in cyber security.

We help major enterprises solve the security challenges of digital transformation. We design best-of-breed commercial solutions for secure access that help our customers win in the global data economy.

Read more about our SSH.COM

Latest posts from the SSH.COM blog