Larry W. Cashdollar πŸ’°πŸ’΅ 

@[email protected]
551 Followers
542 Following
80 Posts
Member of Akamai SIRT. Security Researcher & Exploit Coder. My research has been covered by Slashdot, ZDNet, Ars-technica, MSN, Yahoo etc.. Mitre CVE CNA. 300+ CVEs.
Websitehttps://vapid.dhs.org
GitHubhttps://github.com/lcashdol
Show threadLarry W. Cashdollar πŸ’°πŸ’΅ Apr 25, 2024
@thedarktangent I didn’t expect to see a bottle of tobasco out there.
Show threadLarry W. Cashdollar πŸ’°πŸ’΅ Apr 21, 2024
@hacks4pancakes I bought a counterfeit Rolex for my teenage son.
Larry W. Cashdollar πŸ’°πŸ’΅ Mar 5, 2024
My team discovered active exploitation of CVE-2024-0778 spreading a botnet https://www.akamai.com/blog/security-research/netkiller-condi-botnet-exploits-camera
Larry W. Cashdollar πŸ’°πŸ’΅ Feb 2, 2024
CVE ProgramJan 31, 2024
New on the CVE Blog:
β€œA Clarification on CVE Records with a DISPUTED Tag”

https://medium.com/@cve_program/a-clarification-on-cve-records-with-a-disputed-tag-27d4c294bb19

#Vulnerability #VulnerabilityManagement #InfoSec #Cybersecurity #InformationSecurity
A Clarification on CVE Records with a DISPUTED Tag - CVE Program Blog - Medium

Several years ago, it was clear to the CVE Board that we would need a specific process for the inevitable disputes that may arise around vulnerability reporting. Potential scenarios may be obvious to…

Medium
Larry W. Cashdollar πŸ’°πŸ’΅ Dec 6, 2023
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched
Larry W. Cashdollar πŸ’°πŸ’΅ Nov 23, 2023
https://arstechnica.com/security/2023/11/thousands-of-routers-and-cameras-vulnerable-to-new-0-day-attacks-by-hostile-botnet/amp/ We discovered two zero days in networked devices being abused to spread a Mirai botnet.
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Internet scans show 7,000 devices may be vulnerable. The true number could be higher.

Ars Technica
Larry W. Cashdollar πŸ’°πŸ’΅ Sep 26, 2023
Looks like KmsdBot is now exploiting Tenda HG6 v3.3.0 - Remote Command Injection vulnerability. My guess is using weak login credentials via telnet/ssh isn't enough for them to build up the botnet so turning to exploits.
Larry W. Cashdollar πŸ’°πŸ’΅ Aug 17, 2023
Updated Kmsdx Binary Shows KmsdBot Is Targeting the IoT Landscape | Akamai https://www.akamai.com/blog/security-research/updated-kmsdbot-binary-targeting-iot
Larry W. Cashdollar πŸ’°πŸ’΅ Aug 13, 2023
Austin Kocher, PhD 🌎Aug 12, 2023
The Peabody Library in Baltimore, Maryland, is one of the most beautiful interior spaces I've ever seen. Worth the visit! #baltimore #architecture #library #maryland #books
Larry W. Cashdollar πŸ’°πŸ’΅ Aug 13, 2023
Erik Nygren Aug 12, 2023
The version of systemd-networkd in #Ubuntu 22.04 makes substantial improvements in support for delegating #IPv6 prefixes obtained via DHCPv6-PD. If you are (foolishly like me?) trying to use a #Linux server as a home router, this makes it much more viable. I've updated my blog post with details: https://erik.nygren.org/dhcpv6-pd-on-ubuntu-2204.html
Using DHCPv6-PD on Ubuntu 22.04 Jaunty with systemd-networkd to route multiple prefixes

This provides an overview of how you can use the systemd-networkd service in Ubuntu 22.04 to obtain an IPv6 DHCPv6-PD prefix (eg, a /56) from an upstream ISP and subdivide it across local subnets, providing a /64 per subnet. Note that this post assumes you already have extensive experience …

Field Reports from Erik's Laboratory