Skip to main content

Search

Items tagged with: ThreatIntel


Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…

#tor #infosec #cybersecurity #threatintel #privacy


PSA to orgs: if you use Microsoft 365, check your email logs for an email from mbsupport@microsoft.com

Microsoft are emailing tenant admin email addresses about a breach by Midnight Blizzard - you might not get the emails due to spam filtering etc.

reddit.com/r/microsoft/comment… #threatintel


Can’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised.

sansec.io/research/polyfill-su…

#threatintel


Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.

techcommunity.microsoft.com/t5…

#microsoft #infosec #threatintel