#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

SSH Backdoor | Breaking Cybersecurity News | The Hacker News

Category — SSH Backdoor
PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

Mar 20, 2019
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of its software, the developers of PuTTY earlier this week released the latest version 0.71 for Windows and Unix operating systems. According to an advisory available on its website, all previous versions of the PuTTY software have been found vulnerable to multiple security vulnerabilities that could allow a malicious server or a compromised server to hijack client's system in different ways. Here below I have listed all 8 vulnerabilities with brief information that PuTTY 0.71 has patched: 1) Authentication Prompt Spoofing — Since PuTTY doesn't have a way to indicate whether a piec...
Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

Jul 06, 2017
WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak , this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu. Both implants steal user credentials for all active SSH sessions and then sends them to a CIA-controlled server. BothanSpy — Implant for Windows OS BothanSpy is installed as a Shellterm 3.x extension on the target machine and only works if Xshell is running on it with active sessions. Xshell is a powerful terminal emulator that supports SSH, SFTP, ...
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

Mar 17, 2025Cloud Security / Threat Intelligence
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...
SSH Backdoor accounts in multiple Barracuda Products

SSH Backdoor accounts in multiple Barracuda Products

Jan 26, 2013
Firewall, VPN and spam filtering products from Barracuda Networks contains hidden hard coded backdoor ed SSH accounts, that allow any hacker to remotely log in and root access sensitive information. According to an advisory published by Stefan Viehböck of SEC Consult Vulnerability Lab reported the vulnerabilities in default firewall configuration and default user accounts on the unit. Barracuda were informed of the vulnerabilities at the end of November. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected i.e Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel. Barracuda recommended that all customers immediately update their Barracuda security definitions to v2.0.5, ensure the products' security definitions ar...
cyber security

The State of GRC 2025: From Cost Center to Strategic Business Driver

websiteDrataGovernance / Compliance
Drata's new report takes a look at how GRC professionals are approaching data protection regulations, AI, and the ability to maintain customer trust.
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources