Tag: Cybercrime
Introduction Welcome to the October 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Following on from our last month’s analysis, scanning of CVE-2017-9841 has fallen to barely a trickle. CVE-2023-1389, an RCE vulnerability in TP-Link Archer AX21 consumer routers, which has been consistently towards…
Read MoreIntroduction Welcome to the September 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Following on from our last month’s analysis, scanning CVE-2017-9841 continues to drop, falling by 10% compared to August, and now down 99.8% from its high-water mark in June of 2024, and…
Read MoreIntroduction Welcome to the August 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Last month, we observed the scanning for CVE-2017-9841 fell sharply, and this month is no different, with scanning for that vulnerability falling another 79% from July’s rate. Overall, it’s down 97.4%…
Read MoreIP Infrastructure Analysis, Use of Hosting Infra or Corporate IP Ranges (Geo Location Matching) Scrapers have to distribute their traffic via proxy networks or bot nets so as to spread their traffic over a large number of IP addresses and avoid IP-based rate limits that are used to block unwanted scraping. Because of this, scrapers…
Read MoreIntroduction Welcome to the July 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. Last month we observed a massive increase in scanning for CVE-2017-9841 as well as continued increases in scanning for CVE-2023-1389 and scanning for a newly discovered PHP vulnerability – CVE-2024-4577. This…
Read MoreNote the large increase in the number of unique source IPs and source ASNs. Between May and June, 38 different source ASNs dropped from the scanning activity, and 179 were added. This is unusual. While scanners will abandon infrastructure as takedowns happen, or access is revoked, they typically do not make such massive changes without…
Read More
Do you know Dmitry Yuryevich Khoroshev? If you do, there’s a chance that you might well on the way to receiving a reward of up to $10 million. Read more in my article on the Exponential-e blog. Source link lol
Read MoreBy looking at the table of supported IP protocols, we see that the bot creates raw packets of IGMP, ICMP and TCP protocols. Those packets are just being marked with those protocol numbers, however other fields and headers are not actually set. The packet is filled with “A” characters according to the size specified by…
Read MoreShellshock can take advantage of HTTP headers as well as other mechanisms to enable unauthorized access to the underlying system shell, Bash. The Shellshock attack takes advantage of a flaw in Bash that enables attackers to execute remote commands that would ordinarily be blocked. It’s been rated the highest risk possible because remote command execution…
Read MoreTinba, also known as “Tinybanker”, “Zusy” and “HµNT€R$”, is a banking Trojan that was first seen in the wild around May 2012. Its source code was leaked in July 2014. Cybercriminals customized the leaked code and created an even more sophisticated piece of malware that is being used to attack a large number of popular…
Read More