Old SSH Vulnerability at Center of Credential-Stuffing Attacks
by Michael Mimoso
October 13, 2016 , 11:27 am
Connected devices aren’t just for DDoS attacks anymore. Researchers at Akamai this week exposed how attackers are using a 12-year-old SSH vulnerability in combination with weak or default credentials to compromise an array of IOT and home networking devices. Those connected things are then being used as proxies to test stolen credentials on third-party web-based applications.
More at: https://threatpost.c...attacks/121266/