Sensor Intel Series: Top CVEs in March 2024
- by nlqip
The majority of the scanning activity is coming from IP addresses assigned to just a handful of ASNs, mostly AS49870 (Alsycon, a hosting provider out of the Netherlands) and AS47890 (Unmanaged Ltd, what looks to be an IT consulting firm based out of the UK). The scanners appear to be using VPS or other resources at these firms to conduct their activity.
After normalization for the number of sensors and other factors, the scanning activity looks to be quite evenly distributed across all the target countries listed above, each receiving approximately 3% of the total traffic, indicative of scanning casting an internet-wide net and attempting to find, in this case, as many vulnerable Wifi routers as possible.
Traffic Volume for Everything Else
Leaving the top ten, Table 1 shows traffic volumes for all vulnerabilities that we’re tracking, along with change from the previous month, CVSS score, and EPSS score. This month we’ve continued to include percent change in addition to the raw change. In terms of high-traffic CVEs, the percent change is usually more instructive. In terms of low-traffic CVEs where a fluctuation of a handful of connections makes for a change of hundreds of percent, raw traffic is more useful.
Source link
lol
The majority of the scanning activity is coming from IP addresses assigned to just a handful of ASNs, mostly AS49870 (Alsycon, a hosting provider out of the Netherlands) and AS47890 (Unmanaged Ltd, what looks to be an IT consulting firm based out of the UK). The scanners appear to be using VPS or other resources…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA