Tag: Exploitation of Remote Resources (T1210)
Who Is Scanning for CVE-2023-1389? Back in April, when we first started tracking CVE-2023-1389, we did an analysis of who was scanning for it, and found that the majority of scanning activity was coming from just two ASNs, AS49870 (Alsycon, a hosting provider out of the Netherlands) and AS47890 (Unmanaged Ltd). Running these analyses again,…
Read MoreIntroduction Last month’s Sensor Intel Series for March 2024 uncovered the explosion in traffic hunting for systems affected by CVE-2023-1389. The flaw which related to TP-Link Archer AX21 Wi-Fi routers has quickly become the new darling of threat actors looking to build out their DDoS botnets. No new signatures have been introduced this month. Instead,…
Read MoreRecent Posts
- Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe
- North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
- FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
- ESET Research Podcast: HotPage
- A Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access
Recent Comments
No comments to show.