CyberSecurityBoard
Sponsor Register Login

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.
It manipulates sequence numbers during the handshake process to compromise the integrity of the SSH channel, particularly when specific encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker could thus downgrade the public key algorithms for user authentication and disable defenses against keystroke timing attacks in OpenSSH 9.5.
A notable requirement for the Terrapin attack is the need for attackers to be in an adversary-in-the-middle position to intercept and modify the handshake exchange.
It is worth noting that threat actors often compromise networks of interest and wait for the right moment to progress their attack.
A recent report by security threat monitoring platform Shadowserver warns that there are nearly 11 million SSH servers on the public web - identified by unique IP addresses, that are vulnerable to Terrapin attacks.
This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver.
Most of the vulnerable systems were identified in the United States, followed by China, Germany, Russia, Singapore, and Japan.
The significance of Shadowserver's report lies in highlighting that Terrapin attacks can have a widespread impact.
While not all 11 million instances are at immediate risk of being attacked, it shows that adversaries have a large pool to choose from.
If you want to check an SSH client or server for its susceptibility to Terrapin, the Ruhr University Bochum team provides a vulnerability scanner.
Terrapin attacks can downgrade security of OpenSSH connections.
Privilege elevation exploits used in over 50% of insider attacks.
Researchers extract RSA keys from SSH server signing errors.
CISA warns of actively exploited bugs in Chrome and Excel parsing library.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 03 Jan 2024 16:00:10 +0000


Cyber News related to Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Millions still haven't patched Terrapin SSH protocol vulnerability - Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they're in, attackers compromise the integrity of SSH sessions that form the ...
6 months ago Packetstormsecurity.com
Nearly 11 million SSH servers vulnerable to new Terrapin attacks - Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic ...
6 months ago Bleepingcomputer.com
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
6 months ago Cybersecuritynews.com
Terrapin attacks can downgrade security of OpenSSH connections - Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. This manipulation lets attackers remove ...
6 months ago Bleepingcomputer.com
New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
4 months ago Cybersecuritynews.com
Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat - The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, ...
6 months ago Heimdalsecurity.com
SSH vulnerability exploitable in Terrapin attacks - Security researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message. Terrapin is a prefix truncation attack ...
6 months ago Helpnetsecurity.com
In a first, cryptographic keys protecting SSH connections stolen in new attack - For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the ...
7 months ago Arstechnica.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware - Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation:-. Cybersecurity ...
6 months ago Gbhackers.com
New Terrapin Attacking SSH Protocol to Downgrade the Security - SSH protocol is one of the most used protocols across several organizations to establish a remote terminal login and file transfer. SSH consists of an authenticated key exchange for establishing the secure channel connection to ensure integrity and ...
6 months ago Cybersecuritynews.com
CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
2 months ago
Week in review: Terrapin SSH attack, Mr. Cooper breach - Creating a formula for effective vulnerability prioritizationIn this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. EMBA: Open-source ...
6 months ago Helpnetsecurity.com
Attackers Targeting Poorly Managed Linux SSH Servers - In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly secured Linux SSH servers, ...
5 months ago Securityboulevard.com
Careless oversight of Linux SSH servers draws cryptominers, DDoS bots - Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password ...
6 months ago Therecord.media
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
3 months ago Securityweek.com
The old, not the new: Basic security issues still biggest threat to enterprises - Attacks on critical infrastructure reveal industry faux pas. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. X-Force analysis ...
4 months ago Helpnetsecurity.com
NoaBot Pwns Hundreds of SSH Servers as Crypto Miners - Mirai-based botnet exploits weak auth­en­ti­cation to mine imaginary money. A worm has been quietly building a botnet for the past year. It breaks into Linux SSH servers with weak authentication. In today's SB Blogwatch, we urge a switch to ...
5 months ago Securityboulevard.com
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
7 months ago Cysecurity.news
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
7 months ago Packetstormsecurity.com
Ebury botnet malware infected 400,000 Linux servers since 2009 - A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. Below are the Ebury infections logged by ESET since 2009, showing a notable growth in the volume of ...
1 month ago Bleepingcomputer.com
CVE-2023-28436 - Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a ...
1 year ago
400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
1 month ago Darkreading.com
BreachForums admin jailed again for using a VPN, unmonitored PC - The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. The BreachForums admin, Conor Fitzpatrick, was arrested on March ...
6 months ago Bleepingcomputer.com
CVE-2020-3442 - The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)