2025-01-20 20:06 UTC
Fortinet CVE-2024-55591 scanning results
We are sharing daily results for instances vulnerable to Fortinet CVE-2024-55591 (auth bypass) in our Vulnerable HTTP report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/
2025-01-13 11:45 UTC
Ivanti Connect Secure CVE-2025-0282 vulnerability scanning results
On January 10th, 2025, we started reporting unpatched Ivanti Connect Secure instances likely vulnerable to CVE-2025-0282, a new vulnerability known to be exploited in the wild.
References
- https://bsky.app/profile/shadowserver.bsky.social/post/3lfes4x4ew22v
- https://x.com/Shadowserver/status/1877635751984111870
- https://infosec.exchange/@shadowserver/113803168454472005
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
2024-12-13 11:49 UTC
Large scale RDP scanning activity
We are seeing large numbers of sources scanning for RDP services - especially port 1098/TCP (!) - in our honeypot sensors over the last 2 weeks (up to 740 000 (!) distinct source IPs daily, including up to 405 000 from Brazil).
2024-11-21 18:49 UTC
Large scale compromises of PAN-OS devices (CVE-2024-0012 and CVE-2024-9474 exploitation campaigns)
We are scanning for and reporting compromised PAN-OS devices (based on the existence of artefacts related to successful exploitation of CVE-2024-0012 and CVE-2024-9474).