Whois “geofeed” Data, (Thu, Mar 21st)

Attributing a particular IP address to a specific location is hard and often fails miserably. There are several difficulties that I have talked about before: Out-of-date whois data, data that is outright fake, or was never correct in the first place. Companies that have been allocated a larger address range are splitting it up into different geographic regions, but do not reflect this in their whois records.

Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability, (Wed, Mar 20th)

Late last week, an exploit surfaced on GitHub for CVE-2024-21762 [1]. This vulnerability affects Fortinet's FortiOS. A patch was released on February 8th. Owners of affected devices had over a month to patch [2]. A few days prior to the GitHub post, the exploit was published on the Chinese QQ messaging network [3].

Attacker Hunting Firewalls, (Tue, Mar 19th)

Firewalls and other perimeter devices are a huge target these days. Ivanti, Fortigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new victims. However, being an access broker or ransomware peddler is challenging: the competition for freshly deployed vulnerable devices, or devices not patched for the latest and greatest vulnerability, is immense. Your success in the ransomware or access broker ecosystem depends on having a consistently updated list of potential victims.
