Researchers identify a new malware family called GoScanSSH that avoids servers linked to government and military IP addresses. 

Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered.

In its annual National Exposure Index report, Rapid7 found 160 million computers, IoT devices and servers with open ports that should not be exposed to the public network.

Rapid7 warned this week that its Nexpose appliances were shipped with a SSH configuration that could have let obsolete algorithms be used for key exchange.

RSA 2017 is previewed and last week’s report on iOS apps being vulnerable to interception attacks, macro malware coming to MacOS, and new Uber open source module are discussed.

Backdoors, likely intentional remote administration features, were closed off in 80 different Sony IP-enabled cameras running the IPELA Engine technology.

A recent Internet scan threw a bucket of cold water on the notion that wonky, unsecured services have been significantly reduced from the Internet. “Today’s Internet in 2016 looks like the 1996 Internet, which is a little depressing,” said Rapid7 security research manager Tod Beardsley. Beardsley and colleagues Bob Rudis and Jon Hart today published...

Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...

The NSA’s subversion of encryption standards may have come home to roost. As more eyes examine the Juniper backdoor in ScreenOS, the operating system standing up its NetScreen VPNs, it’s becoming clear that someone backdoored the NSA backdoor in Dual_EC_DRBG, opening the door to passive decryption of any VPN traffic moving through a NetScreen gateway....

Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said Rapid7 chief research officer HD Moore. “This password allows an attacker to...