GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 07-Feb-2024 08:27:02 JST Kevin Beaumont Kevin Beaumont
    • GreyNoise

    Two days ago, mass exploitation of Cisco AnyConnect CVE-2020-3580 began, per @greynoise data. It’s another Positive Technologies vuln.

    77 IP addresses are hammering the internet now. https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22

    This isn’t to be confused with the other 2020 AnyConnect CVE being used by Akira ransomware group.

    There are now three Cisco ASA vulns being used by Akira and Lockbit. #threatintel

    In conversation about a year ago from cyberplace.social permalink

    Attachments


    1. https://cyberplace.social/system/media_attachments/files/111/887/119/203/770/408/original/30c04177ae6c46f0.jpeg
    2. Domain not in remote thumbnail source whitelist: viz.greynoise.io
      GreyNoise Visualizer
      At GreyNoise, we collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 07-Feb-2024 09:09:49 JST Kevin Beaumont Kevin Beaumont
      in reply to

      It looks like the IPs involved may be linked to a ransomware group. I think what they're doing is fingerprinting patching status of AnyConnect.

      In conversation about a year ago permalink
    • Embed this notice
      barunick (barunick@infosec.exchange)'s status on Wednesday, 07-Feb-2024 09:11:53 JST barunick barunick
      in reply to
      • GreyNoise

      @GossiTheDog @greynoise well that’s certainly interesting. Thanks for the heads up! #threatintel

      In conversation about a year ago permalink
    • Embed this notice
      David Penington (davidpenington@mastodon.au)'s status on Wednesday, 07-Feb-2024 18:09:20 JST David Penington David Penington
      in reply to

      @GossiTheDog Does this AnyConnect vulnerability have any association with the CitrixBleed Netscaler vulnerability?

      In conversation about a year ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.