Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
5 résultats taggé scan  ✕
9X Surge in Ivanti Connect Secure Scanning Activity https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
25/04/2025 09:26:05
QRCode
archive.org
thumbnail

GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure or Ivanti Pulse Secure VPN systems. More than 230 unique IPs probed ICS/IPS endpoints. This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.

greynoise EN 2025 Activity spike scan Ivanti-Connect-Secure Ivanti-Connect-Secure
Inside the Open Directory of the “You Dun” Threat Group https://thedfirreport.com/2024/10/28/inside-the-open-directory-of-the-you-dun-threat-group/
28/10/2024 10:34:07
QRCode
archive.org
  • Analysis of an open directory found a Chinese speaking threat actor’s toolkit and history of activity.
  • The threat actor displayed extensive scanning and exploitation using WebLogicScan, Vulmap, and Xray, targeting organizations in South Korea, China, Thailand, Taiwan, and Iran.
  • The Viper C2 framework was present as well as a Cobalt Strike kit which included TaoWu and Ladon extensions.
  • The Leaked LockBit 3 builder was used to create a LockBit payload with a custom ransom note that included reference to a Telegram group which we investigated further in the report.
thedfirreport EN 2024 Analysis open-directory LockBit operational You-Dun group China tools scan
I scanned every package on PyPi and found 57 live AWS keys https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
07/01/2023 22:21:04
QRCode
archive.org

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:

Amazon themselves 😅
Intel
Stanford, Portland and Louisiana University
The Australian Government
General Atomics fusion department
Terradata
Delta Lake
And Top Glove, the worlds largest glove manufacturer 🧤

tomforb EN 2022 leak scan AWS keys PyPi
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
22/08/2022 14:27:13
QRCode
archive.org

Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.

nytimes EN 2022 CSAM scan Photos Naked Toddler Google children Criminal
Introducing Package Analysis: Scanning open source packages for malicious behavior https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
02/05/2022 10:50:10
QRCode
archive.org

Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.

openssf EN 2022 Analysis Scan opensource packages Package behavior
4503 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio