#Shadowserver - NRW.social

Frühere Suchanfragen

Suchoptionen

Nur verfügbar, wenn angemeldet.

1 Beitrag1 Beteiligte*r0 Beiträge heute

Pyrzout @jos1264@social.skynetcloud.site

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) https://www.helpnetsecurity.com/2025/04/01/crushftp-vulnerability-exploitation-cve-2025-2825/ #Shadowserver #Don'tmiss #VulnCheck #Hotstuff #CrushFTP #Rapid7 #News #CVE #PoC

Help Net Security · 5 T.Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) - Help Net Security

Mehr von

Cedric @cedric@social.circl.lu

New post from the #VulnerabilityLookup project about #Shadowserver and Sightings:

https://www.vulnerability-lookup.org/2025/01/22/shadowserver-sightings-in-vulnerability-lookup/

You can subscribe to the blog:
https://www.vulnerability-lookup.org/news/index.xml !

www.vulnerability-lookup.org · 22. Jan.The Shadowserver Foundation Honeypot Feed is now integrated as a source of sightings in Vulnerability-LookupWe are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup. This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings. ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. The source code of ShadowSight is available:

#opensource #cybersecurity #vulnerability

Pyrzout @jos1264@social.skynetcloud.site

48,000+ internet-facing Fortinet firewalls still open to attack https://www.helpnetsecurity.com/2025/01/22/48000-internet-facing-fortinet-firewalls-still-open-to-attack/ #ArcticWolfNetworks #Shadowserver #enterprise #Don'tmiss #Hotstuff #firewall #Fortinet #Kroll #News #Asia #USA

Help Net Security · 22. Jan.48,000+ internet-facing Fortinet firewalls still open to attack - Help Net Security

Mehr von

Pyrzout @jos1264@social.skynetcloud.site

UK domain registry Nominet breached via Ivanti zero-day https://www.helpnetsecurity.com/2025/01/13/uk-domain-registry-nominet-breached-via-ivanti-zero-day-cve-2025-0282/ #Shadowserver #Don'tmiss #WatchTowr #Hotstuff #Mandiant #Nominet #Ivanti #0-day #News #CISA

Help Net Security · 13. Jan.UK domain registry Nominet breached via Ivanti zero-day - Help Net SecurityThe number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen to 800.

Stuart Longland (VK4MSL) @stuartl@longlandclan.id.au

```
2023-08-03T15:04:36.217026+10:00 gapmx postfix/smtpd[5301]: improper command pipelining after CONNECT from scan-50b.shadowserver.org[64.62.197.198]: GET / HTTP/1.1\r\nHost: 150.101.176.226:25\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7
```
Err no, #shadowserver.org -- I do not run a HTTP server on port 25/tcp!

securityaffairs @securityaffairs@infosec.exchange

#Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519
https://securityaffairs.com/148735/hacking/15k-citrix-servers-vulnerable-cve-2023-3519.html
#securityaffairs #hacking #malware

Security AffairsShadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. The Agency states that threat actors targeted a NetScaler […]

Paul Chambers @paul@oldfriends.live

Reading my selfhosted Mastodon Nginx server logs and I see that The Shadow Server Foundation scanned my instance today.

I wonder if this is just a general search for flaws in Mastodon code or if there is something specific going on that flagged my instance.

#infosec #ShadowServer

Fortgeführter Thread

Gonçalo Ribeiro @goncalor@infosec.exchange

And since we're here... A comparison of #Censys and #Shadowserver's #MSMQ probes. They are using the same probe except for the padding.

How do I know all this? May have quickly set up a terrible #honeypot last night

Colourful binwalk diff of Shadowserver vs Censys probe packets. It shows the packets start with the same bytes and only differ in what looks like padding.

Just got a messages from Piotr at shadowserver : "We are now on Mastodon as well and plan to post regularly" @shadowserver@infosec.exchange
Welcome to the Fediverse
#infosec #shadowserver #threatintel #honeypot

Zum Hochladen hereinziehen