Bad Packets Report

@bad_packets

Tweets by Troy Mursch. We provide cyber on emerging threats, DDoS botnets, and network abuse. References:

Joined April 2017

Tweets

  1. Pinned Tweet
    Jan 13

    Opportunistic scanning activity continues to target Citrix (NetScaler) servers vulnerable to CVE-2019-19781. This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the targeted server.

  2. 2 hours ago

    Their Citrix server, , is still vulnerable to CVE-2019-19781. This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the targeted server ().

  3. DDoS malware payload remains active. Exploit attempts ongoing.

  4. Daily Top 10 Countries – Feb. 4, 2020 New unique Mirai-like (DDoS malware) hosts detected by country: 🇨🇳 China: 229 🇹🇼 Taiwan: 175 🇻🇳 Vietnam: 151 🇪🇬 Egypt: 60 🇧🇷 Brazil: 53 🇷🇺 Russia: 51 🇭🇰 Hong Kong: 42 🇲🇽 Mexico: 34 🇹🇷 Turkey: 34 🇺🇸 United States: 33

  5. Retweeted
    Feb 4

    It's true and for that very reason. To see what does with these scans check out our blog that went live today.

  6. Feb 4
  7. Feb 4

    . is scanning the internet for Jenkins servers vulnerable to CVE-2020-2100. Jenkins 2.218 (LTS 2.204.1) and earlier are vulnerable to UDP amplification/reflection denial of service attacks.

  8. Feb 4

    ⚠️ 𝗪𝗔𝗥𝗡𝗜𝗡𝗚 ⚠️ Mass scanning activity detected from 185.220.101.28 (🇩🇪 Tor exit node) attempting to exploit Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

  9. Retweeted
    Feb 4

    🚨 𝗔𝗟𝗘𝗥𝗧 🚨 Active DDoS botnet C2 server detected! IP address: 205.134.182.116 (🇺🇸) Hosting provider: AiNET (AS6405) C2 ports: 120/tcp 1028/tcp ftp://205.134.182.116/ Payload: Heartless~Security.*()

  10. Feb 4

    Active DDoS malware payload detected: http://173.242.143.112:43613/Mozi.m () Exploit attempt source IP: 173.242.143.112 (🇺🇸) Target: Netgear router unauthenticated remote command injection vulnerability ()

  11. Feb 4

    🚨 𝗔𝗟𝗘𝗥𝗧 🚨 Active DDoS botnet C2 server detected! IP address: 205.134.182.116 (🇺🇸) Hosting provider: AiNET (AS6405) C2 ports: 120/tcp 1028/tcp ftp://205.134.182.116/ Payload: Heartless~Security.*()

  12. Retweeted

    Make sure your MSPs are patching your Citrix Gateway servers, as people are absolutely getting ransomware’d via this.

  13. Retweeted
    Jan 31

    Round 2 – CVE-2019-19781 Scan Results Vulnerable Citrix servers detected: 7,133 Our latest vulnerability scan results are freely available for authorized government CERT, ISAC, and law enforcement teams. Submit request here:

  14. Feb 3

    "We've determined that an authentication certificate has expired causing users who have logged out and those that are still logged in to have issue using the service. We're developing a fix to apply a new authentication certificate to the service which will remediate impact."

  15. Feb 2

    🚨 𝗔𝗟𝗘𝗥𝗧 🚨 Active DDoS botnet C2 server detected! IP address: 207.154.212.220 (🇩🇪) Hosting provider: DigitalOcean (AS14061) C2 ports: 5301/tcp 9545/tcp http://207.154.212.220/bins/ Payload: Stanleyy.* ()

  16. Feb 2

    The mass exploitation of CVE-2019-7256 by DDoS botnet operators started on January 9th –

  17. Feb 1

    High volume of mass scanning activity checking for "/.aws/credentials" – uptick started around 2020-02-01T14:28:12Z. Bad Packets research and enterprise customers can query for "AWS Credentials File Scanner" to locate source IPs that are scanning.

  18. Feb 1

    We've detected opportunistic exploit activity targeting this vulnerability. Bad Packets™ tags are now available for our research and enterprise customers.

  19. Retweeted
    Jan 31

    Systems patched for Citrix -2019-19781 may still be compromised. See 's latest Activity Alert at for procedures for detecting a compromise.

  20. Jan 31

    Mass scanning activity detected from 175.141.143.132 (🇲🇾) checking for Citrix (NetScaler) servers vulnerable to CVE-2019-19781. This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the targeted server.

  21. Jan 31

    High volume of masscan traffic detected from hosts in 92.118.37.0/24 (🇷🇴) – 2,400+ unique ports scanned ().
