Recherche : [SSH] - Cyberveille

npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors https://socket.dev/blog/npm-malware-targets-telegram-bot-developers

21/04/2025 09:18:28

Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.

Censorship Attack against the Tor network https://osservatorionessuno.org/blog/2024/10/censorship-attack-against-the-tor-network/

04/11/2024 07:00:25

In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices.
All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays.

Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.

Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/

15/08/2024 08:37:48

Aqua Nautilus researchers discovered a new variant of Gafgyt targeting machines with weak SSH passwords.

XZ backdoor behavior inside OpenSSH https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

24/06/2024 16:44:07

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

Kaspersky analysis of the backdoor in XZ https://securelist.com/xz-backdoor-story-part-1/112354/

13/04/2024 03:32:39

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

Public SSH keys can leak your private infrastructure https://rushter.com/blog/public-ssh-keys/

30/01/2024 18:17:40

This article describes a minor security flaw in the SSH authentication protocol that can lead to unexpected private infrastructure disclosure. It also provides a PoC written in Python.

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub https://thehackernews.com/2024/01/malicious-npm-packages-exfiltrate-1600.html

28/01/2024 16:53:25

Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.

SSH protects the world’s most sensitive networks. It just got a lot weaker https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

20/12/2023 21:06:18

Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.

Terrapin attacks can downgrade security of OpenSSH connections https://www.bleepingcomputer.com/news/security/terrapin-attacks-can-downgrade-security-of-openssh-connections/

20/12/2023 20:48:09

Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.

In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/

16/11/2023 07:15:01

An error as small as a single flipped memory bit is all it takes to expose a private key.
The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

Liens par page

Filtres