InfoSecBulletin Cybersecurity for mankind
Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver.
The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, affects both clients and servers using the SSH protocol.
NVIDIA Releases Security Update For GPU Driver Vulnerabilities
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure
NVIDIA NeMo Framework Vuln Allow Attackers RCE
Cisco Issued Urgent Security Advisories For Multiple Products
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
SSH channel integrity can be compromised by manipulating sequence numbers during the handshake process. This is especially true when encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker can lower the security of OpenSSH 9.5 by downgrading public key algorithms and disabling defenses against timing attacks.
Terrapin attack requires attackers to be in a middle position to intercept and modify the handshake exchange. Threat actors often infiltrate important networks and wait for the right time to launch their attack.
A report by Shadowserver warns that there are around 11 million SSH servers on the internet that can be targeted by Terrapin attacks.
The United States had 3.3 million vulnerable systems, followed by China with 1.3 million, Germany with 1 million, Russia with 700,000, Singapore with 390,000, and Japan with 380,000.
Shadowserver’s report is important because it shows that Terrapin attacks can affect many people.
Adversaries have a large pool of 11 million instances to choose from, even though not all of them are at immediate risk of being attacked. To check if an SSH client or server is vulnerable to Terrapin, the Ruhr University Bochum team offers a vulnerability scanner.
