2024-12-13 11:49 UTC
Large scale RDP scanning activity
We are seeing large numbers of sources scanning for RDP services - especially port 1098/TCP (!) - in our honeypot sensors over the last 2 weeks (up to 740 000 (!) distinct source IPs daily, including up to 405 000 from Brazil).
2024-11-21 18:49 UTC
Large scale compromises of PAN-OS devices (CVE-2024-0012 and CVE-2024-9474 exploitation campaigns)
We are scanning for and reporting compromised PAN-OS devices (based on the existence of artefacts related to successful exploitation of CVE-2024-0012 and CVE-2024-9474).
2024-10-14 10:00 UTC
Fortinet CVE-2024-23113 (format string pre-auth RCE) scanning
We are now reporting in our feeds Fortinet IPs still likely vulnerable to CVE-2024-23113 (format string pre-auth RCE). This vulnerability is known to be exploited in the wild. 87,390 IPs were found in the 2024-10-12 scan. Top: US (14K), Japan (5.1K), India (4.8K).
2024-10-14 09:56 UTC
Zimbra CVE-2024-45519 scanning
We are scanning for & reporting Zimbra IPs likely vulnerable to CVE-2024-45519 (CVSS 9.8 RCE). Over 19.6K unpatched instances seen on 2024-10-04. Top: Germany (1.6K), US (1.6K), Russia (1.5K). Please note CVE-2024-45519 can be exploited via the SMTP service (our version check itself is web based) and that postjournal is NOT enabled by default (which is not verified in our scans).