Notices by boB Rudis 🇺🇦 🇬🇱 🇨🇦 (hrbrmstr@mastodon.social)

Weird they're showing Swan Lake on Fox right now

Without full PCAP + emulated router profiles, this would've stayed hidden. Check your ASUS routers for SSH on TCP/53282 NOW.

Technical deep-dive: https://www.labs.greynoise.io//grimoire/2025-03-24-ayysshush/

📊 Executive summary: https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
4/4

Because it's configured through official ASUS settings, the backdoor persists in NVRAM even after patching. No malware dropped, logging disabled = nearly invisible.

This was caught by GreyNoise's AI tool ("Sift") analyzing just 3 HTTP requests out of 23+ billion.
3/4

The tradecraft suggests an advanced, well-resourced adversary.

What makes this scary: Attackers chain authentication bypasses + CVE-2023-39780 to gain access, then enable SSH on port 53282 with their own public key.
2/4

🚨 BREAKING: GreyNoise discovered a sophisticated backdoor campaign compromising ~9,000 ASUS routers worldwide. Unlike typical malware attacks, this operation uses the router's own legitimate features to create persistent backdoors that survive firmware updates and reboots.
1/4

Citizen Released After Mysterious Detention by Security Forces

https://www.sfgate.com/bayarea/article/santa-cruz-woman-freed-ice-detention-20318272.php

@mttaggart Fedi is still very (very) confusing + off-putting for the vast majority of folks who want to connect in a social network-style.

It could really do with a "one app" + "one big honkin server" flavor, which is what Bluesky sadly could have been.

Bluesky being down *again* is pretty amusing.

🚨 We have a detection up for SAP NetWeaver CVE-2025-31324 Unauthenticated File Upload Attempt

I can confirm we have had hits on it before the tag being published (we're working on a retro-hunt).

These IPs were seen making the attempts over the weekend:

98.84.54.227
67.205.148.188
85.90.245.101
89.117.19.46
172.105.246.67
212.56.35.88

This is the tag:
https://viz.greynoise.io/tags/sap-netweaver-cve-2025-31324-unauthenticated-file-upload-attempt?days=30

I'm starting to get the impression y'all might be trying to tell us (i.e., U.S.) something…

Gotta hand it to @GossiTheDog … def knows how to steal content super well.

@hacks4pancakes wld have been great if he attributed it to me. not surprised tho.

#CVE

You'll be shocked…*shocked*, I say…to hear that I have thoughts about "The Signal Heard Round the World" — https://47-watch.com/blog/posts/2025/2025-03-24-signal-heard-round-the-world/

Never once before 2017 did I even remotely consider we'd (the U.S.) be the Centauri.

The IRL equivalent of "And All My Dreams, Torn Asunder" is happening live, right in front of us all.

#Babylon5

I am SO SORRY folks. But Amerika is now one of the most dangerous places to travel to.

PLEASE STAY AWAY.

A decent % of us are gonna try to reclaim what we once were.

It won't be pretty or speedy.

Just…PLEASE…stay where you are. We cannot protect you. Our leaders hate you.

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge

“You've got a lot of people who are looking over their shoulder as opposed to looking at the enemy right now,”

“Most people are … doing the work of 2+ full-time [staffers].”

America is going *great*.

https://www.wired.com/story/inside-cisa-under-trump/

DOGE Staffer Exposed for Posting Government Work on Public GitHub, Including Employee Union Tracking Tools

https://xcancel.com/SollenbergerRC/status/1895609294810464390?cursor=EwAAAPAEHBkW0oLa-aOnx840JQISFQQAAA#r

Since I (a) needed to play with the Asahi Linux install I did yesterday on the old M1 Mini and (b) haven't used the ESC POS printer in a while, and (c) am still not up to much physical activity, I wired up the RSS feed of the POTUS blatherings I had Inoreader make for me so there's a physical record of the inanity.

Pretty sure this is a sign I'm nearing the breaking point.

This "unitary executive" BS is getting tiresome.

47 Watch has added 1 new executive order — https://47-watch.com/executive-orders/2025-02-12-one-voice-for-americas-foreign-relations/ — and it is yet-another doozy. Sufficiently so, that it warranted a short blog with a potential scenario https://47-watch.com/blog/posts/2025/2025-02-12-one-loud-obnoxious-voice/