Recherche : [detection]

GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771 https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771

18/06/2025 09:37:14

‍On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

CVE: CVE-2023-28771
Exploit method: UDP port 500 (IKE packet decoder)
Date observed: June 16, 2025
Duration of activity: One day (June 16, 2025)
Unique IPs: 244
Top destination countries: U.S., U.K., Spain, Germany, India.
IP classification: All malicious per GreyNoise
Infrastructure: Verizon Business (all IPs geolocated to U.S.)
Spoofable traffic: Yes (UDP-based)
‍

Observed Activity
Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed a concentrated burst of exploit attempts within a short time window, with 244 unique IPs observed attempting exploitation.

The top destination countries were the U.S., U.K., Spain, Germany, and India.

Historical analysis indicates that in the two weeks preceding June 16, these IPs were not observed engaging in any other scanning or exploit behavior — only targeting CVE-2023-28771.

‍

Zero-Day: How Attackers Use Corrupted Files to Bypass Detection https://any.run/cybersecurity-blog/corrupted-files-attack/

09/12/2024 12:13:02

See technical analysis of a zero-day attack that uses corrupted malicious files to bypass detection by advanced security systems.

Global attacker median dwell time continues to fall https://www.helpnetsecurity.com/2024/04/24/2023-attacker-dwell-time/

29/04/2024 20:36:55

The global attacker median dwell time continued trending downwards in 2023, and is now 10 days (from 16 days in the previous year).

Linux Foundation Launches Tazama: A Revolutionary Open Source Solution for Real-Time Fraud Management https://www.linuxfoundation.org/press/linux-foundation-launches-tazama-for-real-time-fraud-management

17/03/2024 14:48:34

Tazama is the first open source platform for financial monitoring and fraud detection.

Lumma Stealer malware now uses trigonometry to evade detection https://www.bleepingcomputer.com/news/security/lumma-stealer-malware-now-uses-trigonometry-to-evade-detection/

20/11/2023 17:05:02

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.

Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant https://www.mandiant.com/resources/blog/chinese-espionage-tactics

15/08/2023 09:19:01

Ways Chinese cyber espionage activity has increasingly leveraged strategies to evade detection.

Investigating ChatGPT phishing detection capabilities https://securelist.com/chatgpt-anti-phishing/109590/

01/05/2023 15:57:52

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.

EDR: Detections, Bypassess and other Shenanigans https://fourcore.io/blogs/edr-detections-bypasses-and-other-shenanigans

28/10/2022 23:17:24

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try to prevent anomalies like Malware, Ransomware by using automated rule based response method.

Bypass phishing detections with Google Translate https://certitude.consulting/blog/en/bypass-phishing-detections-with-google-translate-2/

19/08/2022 09:52:00

A new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a scanner, which you can allegedly download, as can be seen in the following image

Microsoft finds Raspberry Robin worm in hundreds of Windows networks https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/

03/07/2022 12:03:15

Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.

Liens par page

Filtres