2024-09-02 08:48 UTC
7777 Botnet compromised devices
We are sharing 7777 Botnet compromised devices as seen in our daily scans. The data is shared in our Accessible Telnet reported, with a '7777' tag. To view the 7777 botnet compromised devices in the Dashboard select source 'compromised-iot' and tag '7777' (see link examples).
Links
2024-08-02 10:12 UTC
VMware ESXi hypervisor CVE-2024-37085 (authentication bypass) exploited by ransomware operators
VMware ESXi hypervisor CVE-2024-37085 (authentication bypass) exploited by ransomware operators as reported by Microsoft. Shadowserver has implemented daily scans to warn of unpatched and thus potentially vulnerable instances.
Links
References
- https://x.com/Shadowserver/status/1818630438048481541
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
- https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
2024-07-26 12:28 UTC
GeoServer CVE-2024-36401 scanning, exploitation attempts observed
We are reporting out GeoServer instances vulnerable to CVE-2024-36401. This is a critical CVSS 9.8 pre-auth RCE vulnerability that we observed being exploited in the wild and is also present on CISA KEV.