A critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.
Guardicore Labs team has uncovered a traffic manipulation and cryptocurrency mining campaign infecting a wide number of organizations in industries such as finance, education and
As this security flaw still exists and puts Azure environments at risk, we believe it’s important to continuously verify whether your environment is vulnerable. To do that we integrated Azure password harvesting capabilities into the Infection Monkey.