2024-10-14 10:00 UTC
Fortinet CVE-2024-23113 (format string pre-auth RCE) scanning
We are now reporting in our feeds Fortinet IPs that are still likely vulnerable to CVE-2024-23113 (format string pre-auth RCE). This vulnerability is known to be exploited in the wild. 87,390 IPs were found in the 2024-10-12 scan. Top: US (14K), Japan (5.1K), India (4.8K).
2024-10-14 09:56 UTC
Zimbra CVE-2024-45519 scanning
We are scanning for and reporting Zimbra IPs likely vulnerable to CVE-2024-45519 (CVSS 9.8 RCE). Over 19.6K unpatched instances were seen on 2024-10-04. Top: Germany (1.6K), US (1.6K), Russia (1.5K). Please note that CVE-2024-45519 can be exploited via the SMTP service (our version check itself is web-based) and that postjournal is NOT enabled by default (our scans do not verify whether it is enabled).
2024-09-02 08:48 UTC
7777 Botnet compromised devices
We are sharing 7777 Botnet compromised devices as seen in our daily scans. The data is shared in our Accessible Telnet report, with a '7777' tag. To view the 7777 botnet compromised devices in the Dashboard, select source 'compromised-iot' and tag '7777' (see link examples).
2024-08-02 10:12 UTC
VMware ESXi hypervisor CVE-2024-37085 (authentication bypass) exploited by ransomware operators
VMware ESXi hypervisor CVE-2024-37085 (authentication bypass) has been exploited by ransomware operators, as reported by Microsoft. Shadowserver has implemented daily scans to warn of unpatched and thus potentially vulnerable instances.
References
- https://x.com/Shadowserver/status/1818630438048481541
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
- https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/