Europol and authorities from eight countries, including the US Department of Justice, have dismantled #SocksEscort, a proxy service that exploited thousands of routers around the world infected with the #avrecon #malware for #linux. Technical assistance during the operation was provided by #blacklotuslabs and the #Shadowserver Foundation. SocksEscort was a residential proxy service that cybercriminals used to commit large-scale fraud.

#sicurezzainformatica

https://www.punto-informatico.it/socksescort-smantellato-proxy-malware-linux/

SocksEscort: proxy with Linux malware dismantled

SocksEscort was a residential proxy service that involved selling the IP addresses of routers, which cybercriminals used for illicit activities.

Punto Informatico

«Takedown of MFA bypass platform Tycoon2FA
[…] The takedown underscores a clear message: MFA alone is not enough against adversary-in-the-middle phishing. […]»

It annoys me again and again that the affected corporations communicate about this very quietly.

🔓 https://borncity.com/blog/2026/03/08/takedown-von-mfa-bypass-plattform-tycoon2fa/

#mfa #login #web #websicherheit #2fa #internet #tycoon2fa #europol #Cloudflare #Coinbase #Crowell #eSentire #HealthISAC #Intel471 #Microsoft #Proofpoint #Resecurity #Shadowserver #SpyCloud #bypass

Takedown of MFA bypass platform Tycoon2FA

The MFA bypass platform Tycoon2FA was recently seized and taken offline. The phishing-as-a-service platform, described as a leading one, was designed to…

Borns IT- und Windows-Blog

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw.

Security Affairs

Oh #ShadowServer, now you're just being silly...

#InfoSec #Scanners

Here is #Shadowserver's announcement on the global #OperationEastwood which aimed for the #NoName05716 #APT.

https://infosec.exchange/@shadowserver/114863740047451178

There are various public statements, including Europol's post linked here. The members are also listed on Europe's most wanted list. Likewise, the #German #BKA published a multi-lingual statement on the #DDoSia operators and members.

#Eastwood #DDoSia #DDoS #infosec

The Shadowserver Foundation (@shadowserver@infosec.exchange)

Proud to support our international LE partners in Europe/Eurojust coordinated Operation Eastwood - another successful public/private partnership cyber threat disruption! https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network

Infosec Exchange

How the closure of BidenCash is changing the world of carding marketplaces | Cybercrimeinfo.nl

The closure of BidenCash is changing the world of carding marketplaces on the dark web. Read how international cooperation strengthens the fight against cybercrime and what this means for the future of digital crime.

I just found these people in the logs of a new server that I just set up today. They hit it within minutes. So I had a shufti around their dashboard, and found this.

What is a reasonable explanation for #Shropshire's love of #TELNET?

https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/region/?date_range=1&host_type=src&port=23&geo_country=GB&scale=log&auto_update=off

It's Brother Jerome's secret BBS habit, isn't it? (-:

#ShadowServer #Cadfael

Region map · Exploited vulnerabilities · The Shadowserver Foundation

Large-scale brute-force attack targets VPN devices using 2.8 million IP addresses

An extensive brute-force attack, using nearly 2.8 million IP addresses, is currently under way. The attack attempts to obtain the login credentials of …

Tech Nieuws

The Shadowserver Foundation Honeypot Feed is now integrated as a source of sightings in Vulnerability-Lookup

We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup. This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings. ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. The source code of ShadowSight is available:

```
2023-08-03T15:04:36.217026+10:00 gapmx postfix/smtpd[5301]: improper command pipelining after CONNECT from scan-50b.shadowserver.org[64.62.197.198]: GET / HTTP/1.1\r\nHost: 150.101.176.226:25\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7
```
Err no, #shadowserver.org -- I do not run an HTTP server on port 25/tcp!