Least convincing newly registered domain so far this year:
fixpassword[.]ru
(DON'T. GO. HERE.)
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…
#tor #infosec #cybersecurity #threatintel #privacy
It would be hard to explain to Verizon I run Tor relays since they technically don't allow servers. I hope I'm not forced onto AT&T Internet Air as my particular co-op rental unit won't let me get Spectrum even when other units can, not that I wante…
PSA to orgs: if you use Microsoft 365, check your email logs for an email from mbsupport@microsoft.com
Microsoft are emailing tenant admin email addresses about a breach by Midnight Blizzard - you might not get the emails due to spam filtering etc.
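For the check above, an added example (not from the post): querying Exchange Online message traces for mail from that sender, so that copies stopped by spam filtering or quarantine show up alongside delivered ones. It assumes the ExchangeOnlineManagement PowerShell module is installed and the signed-in account has message-trace permissions; the notification address for the historical search is a placeholder.

```powershell
# Added example (not from the post): look for the Microsoft notification in
# Exchange Online message traces, including copies that never reached an inbox.
# Assumes the ExchangeOnlineManagement module and an account permitted to run
# message traces.

Connect-ExchangeOnline

$Sender = 'mbsupport@microsoft.com'   # sender address named in the post

# Get-MessageTrace only covers the last 10 days.
$End   = Get-Date
$Start = $End.AddDays(-10)

$Trace = Get-MessageTrace -SenderAddress $Sender -StartDate $Start -EndDate $End -PageSize 5000

if (-not $Trace) {
    Write-Host "No message from $Sender in the last 10 days."
} else {
    # Status shows whether each copy was delivered or held back by filtering;
    # 'FilteredAsSpam' and 'Quarantined' are the cases the post warns about.
    $Trace |
        Select-Object Received, RecipientAddress, Subject, Status, FromIP |
        Sort-Object Received |
        Format-Table -AutoSize

    $Held = $Trace | Where-Object { $_.Status -in 'FilteredAsSpam', 'Quarantined', 'Failed' }
    if ($Held) {
        Write-Host "$(@($Held).Count) copy/copies did not reach a mailbox; check quarantine."
    }
}

# For a window older than 10 days (up to 90), request an asynchronous historical
# search instead. The result arrives as a CSV at -NotifyAddress when it completes.
# Start-HistoricalSearch -ReportTitle 'mbsupport notice search' `
#     -StartDate (Get-Date).AddDays(-90) -EndDate (Get-Date) `
#     -ReportType MessageTrace -SenderAddress $Sender `
#     -NotifyAddress 'admin@example.com'   # placeholder recipient
```

Run it from an admin workstation after `Install-Module ExchangeOnlineManagement`; a result with `Status` of `FilteredAsSpam` or `Quarantined` means the notice was received by the tenant but never shown to the admin, which is exactly the case the post describes.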
Can’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised.
sansec.io/research/polyfill-su…
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites. (Sansec)
Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.
techcommunity.microsoft.com/t5…
#microsoft #infosec #threatintel
The domain name code.microsoft.com has an interesting story behind it. Here we examine how we've used this to collect actionable threat intelligence. (techcommunity.microsoft.com)