Remember the #ScreenConnect vulnerability? It almost seems like a distant memory, and you'd be forgiven if you forgot about it. Do you know who hasn't forgotten about it? Bad actors. Today our WAF blocked malicious requests of a fairly complex bot impersonating macOS trying to find vulnerable ScreenConnect servers. We're going to publish a blog soon about the things each MSP should take away from the ScreenConnect Incident -- make sure to follow us to make sure you don't miss it!
Automation Theory’s Post
-
Never let a good vulnerability go to waste. Bad actors are still on the hunt for vulnerable ScreenConnect servers. While it's doubtful that any still exist, it makes me think about other vulnerabilities that might have come and gone unnoticed (like CVE-2020-15008 from Jason Slagle or CVE-2020-14159 from Jesse C.). We still run across MSPs running outdated versions of #ConnectWise Automate -- and as the WAF data shows, bad actors are still looking for vulnerabilities that should all be patched. This is your weekly reminder to keep your systems patched -- and if you want more security for your #MSP tools, Automation Theory can help you with that.
-
Here's a breakdown of vulnerable ScreenConnect instances (23.9.7 and prior) per region. Our content scans are picking up thousands of unpatched on-premise servers in the US alone. Read our blog for 50+ active attacker IPs, info on our honeynet feed, and a timeline of events 👇 https://hubs.ly/Q02mwkpZ0 #screenconnect
-
CounterCraft: Discover how Initial Access Brokers (IABs) are exploiting the new CVE-2024-4577 vulnerability in XAMPP with threat intel from CounterCraft. As soon as we read about the new zero day CVE-2024-4577, we immediately deployed multiple Windows deception servers with the affected XAMPP versions in Windows Server with the specific languages being targeted. Check out this blog to see, step by step, how unauthenticated attackers are leveraging this zero-day to execute arbitrary code on vulnerable Windows servers, bypassing previous protections. Read the detailed blog by our CTO David Barroso, and if you're running XAMPP, upgrade to the latest version immediately to protect your servers. https://lnkd.in/eMmPKTuq #ActionableThreatIntel #PoweredByDeception #XAMPP #CVE20244577
-
⚠️Little reminder⚠️ It's been about two weeks since the #critical vulnerability was discovered on OpenSSH servers. The vulnerability (#regreSSHion) is a race condition on some signals that would allow a hypothetical attacker to perform an RCE on your server (for more details: https://lnkd.in/dMpkTwev). 📌The vulnerability is in versions from 8.5p1 up to, but not including, 9.8p1. Check and update if necessary immediately!
-
Chief Executive Officer (CEO) | Scale-Up & Growth Expertise | B2B SaaS | Cyber Security | Sales Operations & Revenue Management
The attackers’ intent is very clear, as they are running a set of discovery commands that are used in the initial phases of a compromise, in order to discover how big the network they are accessing is. This report is worth reading and yes this CVE is being leveraged now... Advert for CounterCraft, see how simple/fast it was for us to see how bad actors are targeting specific infrastructure and get their playbook. #threatintelligence #cybersecurity #infosec
-
Network Engineer | Transforming Network Infrastructure for Enhanced Performance & Security | 11 Years of Expertise | Certified in CCNA & Fortinet NSE4
What Is DHCP Snooping? DHCP Snooping is a layer 2 security technology incorporated into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. DHCP Snooping prevents unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.
-
New HTTP/2 vulnerability leaves servers in danger of devastating DoS attacks, even from a single TCP connection. 🔗Read the full article here: https://ow.ly/V2aj50R9UC4 #CrossRealms #Informationsecurity #InformationTechnology #Vulnerability #CyberAttack
-
For those in my network doing bug bounty/Security research... During recon are you using a VPN or proxy? I'm attempting to use a VPN (Mullvad) to do subdomain enumeration, but Mullvad blocks high UDP traffic and seems finicky when using custom DNS servers. I tried switching to proxychains4 going through tor, but the tool (dnsx) I'm using doesn't seem to route the traffic properly or at all. I'm wondering if that's due to DNS being a UDP protocol?