Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/111887119432038263">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 07-Feb-2024 08:27:02 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20240926225417.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><ul><li></ul></div></section><article><p>Two days ago, mass exploitation of Cisco AnyConnect CVE-2020-3580 began, per <a href="https://infosec.exchange/@greynoise">@greynoise</a> data. It’s another Positive Technologies vuln. </p><p>77 IP addresses are hammering the internet now. <a href="https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22" rel="nofollow noreferrer">https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22</a></p><p>This isn’t to be confused with the other 2020 AnyConnect CVE being used by Akira ransomware group. </p><p>There are now three Cisco ASA vulns being used by Akira and Lockbit. <a href="https://cyberplace.social/tags/threatintel" rel="tag">#threatintel</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2686059#notice-5325920">In conversation</a><time datetime="2024-02-07T08:27:02+09:00" title="Wednesday, 07-Feb-2024 08:27:02 JST">about 9 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/111887119432038263" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/111887119432038263">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2224196">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/111/887/119/203/770/408/original/30c04177ae6c46f0.jpeg" rel="external">https://cyberplace.social/system/media_attachments/files/111/887/119/203/770/408/original/30c04177ae6c46f0.jpeg</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: viz.greynoise.io</div><h5><a href="https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22This">GreyNoise Visualizer</a></h5><div></div></header><div>At GreyNoise, we collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 07-Feb-2024 08:27:02 JSTKevin Beaumont
- GreyNoise
Two days ago, mass exploitation of Cisco AnyConnect CVE-2020-3580 began, per @greynoise data. It’s another Positive Technologies vuln.
77 IP addresses are hammering the internet now. https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22
This isn’t to be confused with the other 2020 AnyConnect CVE being used by Akira ransomware group.
There are now three Cisco ASA vulns being used by Akira and Lockbit. #threatintel
In conversationabout 9 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/111/887/119/203/770/408/original/30c04177ae6c46f0.jpeg
2. Domain not in remote thumbnail source whitelist: viz.greynoise.io
  GreyNoise Visualizer
  At GreyNoise, we collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet.

Public

Embed Notice

HTML Code

Corresponding Notice