new vulnerability has been found on OpenSSH which is used by almost all Linux/BSD distributions, as well as many network infrastructure devices to allow SSH connectivity. The vulnerability applies to any SSH device that allows for user/password logins as opposed to shared keys.  And, from my quick review of the vulnerability, it seems to be common on almost every device that has not had password logins specifically disabled. The vulnerability allows an attacker to attempt many thousands of passwords for a user, instead of the default 3-6, before being blocked.

What this means is that any vulnerable server or network device which allows user/password logins from the internet can be remotely accessed if it has a known standard username (e.g. root or admin) and any even slightly popular password. The good news for ThreatSTOP customers is that they are protected against the scanners that will be performing this attack. The attackers who are scanning for vulnerable systems will be reported to us via our feedback loop as it reports all the devices where we blocked the attacker's access.