Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet
A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …
Malicious actors targeting the cloud for cryptocurrency-mining activities
Trend Micro announced a report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups. “Just a few hours of compromise could …
Enterprises average one root access orphan key on every enterprise server
SSH machine identities are critical to digital transformation strategies, as they authenticate privileged access between machines and are ubiquitous across enterprise …
Linux malware backdoors supercomputers
ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high performance computer (HPC) clusters – as well as other targets such as a …
Fileless worm builds cryptomining, backdoor-planting P2P botnet
A fileless worm dubbed FritzFrog has been found roping Linux-based devices – corporate servers, routers and IoT devices – with SSH servers into a P2P botnet whose …
Bad habits and risky behaviors put corporate data at risk
IT and application development professionals tend to exhibit risky behaviors when organizations impose strict IT policies, according to SSH. Polling 625 IT and application …
PrivX: Gain secure access management to critical multi-cloud and hybrid infrastructures
SSH announced that their access management gateway solution, PrivX, is now available for free in limited host environments to give IT and software teams all over the world the …
SSH and Fujitsu partner to offer privileged access as a service
SSH and Fujitsu have signed a partnership agreement that enables Fujitsu to offer SSH’s PrivX Cloud Access Gateway to complement its Identity-as-a-Service (IDaaS) offering. …
PyCryptoMiner ropes Linux machines into Monero-mining botnet
A Linux-based botnet that has been flying under the radar has earned its master at least 158 Monero (currently valued around $63,000). The malware The botnet is based on a …
Half of organizations do not audit SSH entitlements
Cybercriminals, such as malicious insiders, use SSH keys to access systems from remote locations, evade security tools and escalate privileges, according to a study conducted …
Most organizations don’t have SSH security policies in place
Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, …