On July 1, Qualys researchers discovered a critical OpenSSH vulnerability. More information about the flaw has since come out, and it has been revealed that the vulnerability could be exploited by a remote attacker for code execution. If taken advantage of, the vulnerability could allow a complete system takeover. This would allow malware to be installed and backdoors to be created. The flaw is a regression of an OpenSSH flaw patched in 2006, and has hence been named regreSSHion. It is believed that there are more than 14 million possibly vulnerable OpenSSH instances on the internet. While this is a critical vulnerability, it is unlikely that mass attacks will occur. 

Read more: https://www.securityweek.com/regresshion-openssh-flaw-potential-exploitation-attempts-seen-but-mass-attacks-unlikely/