Non-profit consortium launches national scale Cyber Resilience pilot to assess the cyber threat landscape for the NGO sector in The Netherlands
April 4, 2024
A non-profit consortium consisting of The Hague Humanity Hub, the CyberPeace Institute (CPI), Connect2 Trust Foundation and The Shadowserver Foundation, co-funded by Rijksdienst voor Ondernemend Nederland (RVO), will produce a national level assessment of the cyber threat landscape for NGOs, while measuring the impact and harm of cyber threats on the sector.
Introducing Report Severity Levels
October 12, 2023
To make it easier for organizations to consume and prioritize our daily reports, we are introducing report and event severity levels. Each report type and each event in a report will have a severity level assigned. This will make it possible to filter all our daily reporting based on the severity of the actual event being reported.
Qakbot Historical Bot Infections Special Report
September 8, 2023
On Tuesday 29th August 2023, the US DoJ and FBI, together with other global law enforcement partners, announced a disruption action against the Qakbot botnet. This involved the FBI deleting the Qakbot malware from infected victim computers under US court order. As part of their operation, the FBI acquired a copy of the threat actor’s database of historical Qakbot infections, which covered the period July 2019 to August 2023. This database contains a record of over 700,000 discrete Qakbot bot infections in 230 countries. Shadowserver is sharing elements of this dataset as a one-off Special Report, to allow historical Qakbot infections to be investigated and any secondary malware identified and remediated by system defenders.
Qakbot Botnet Disruption
August 29, 2023
On Tuesday 29th August 2023, the US Department of Justice (DoJ) and US Federal Bureau of Investigation (FBI) - along with law enforcement partners in France, Germany, the Netherlands, and the United Kingdom - announced a disruption action against the very long-running Qakbot botnet. The outcomes from the coordinated law enforcement action included deleting the Qakbot malware from infected victim computers (to reduce the risk of further harm), taking down the Qakbot technical infrastructure and seizing $8.6M of alleged illicit cryptocurrency profits. The Shadowserver Foundation is happy to support our law enforcement partners in this major cybercrime disruption operation.
Technical Summary of Observed Citrix CVE-2023-3519 Incidents
August 7, 2023
The Shadowserver Foundation and trusted partners have observed three different malicious campaigns that have exploited CVE-2023-3519, a code injection vulnerability rated CVSS 9.8 critical in Citrix NetScaler ADC and NetScaler Gateway. The summary below is based on collaboration with the individual compromised organizations, as well as their commercial incident response teams. All timestamps in this write-up are in UTC timezone, and they have all been slightly adjusted to not disclose the actual times. If you own a Citrix NetScaler or have those in your constituency, please follow the detection and hunting advice for signs of compromise and webshells!
Multiple language Dashboard support
June 2, 2023
We are happy to announce the addition of support for multiple languages in our public Dashboard. Five different languages have been added: Arabic, Indonesian (Bahasa Indonesia), Malaysian (Bahasa Melayu), Filipino (Tagalog), Thai. This work was kindly supported by the UK Foreign, Commonwealth & Development Office (FCDO). If you are a National CSIRT or network owner who would like to see your own language added, please contact us to discuss helping to make that happen. Likewise, if you are a user with language/technical feedback on these translations, please do get in touch with suggestions and improvements.
Observations on cyber threat activity and vulnerabilities in the Gulf Region
May 31, 2023
We are happy to continue our efforts in collaboration with the UK FCDO, building on our previous global outreach to Africa, Indo-Pacific, Central and Eastern Europe (CEEC), and Association of Southeast Asia Nations (ASEAN) regions to produce a cyber security spotlight on the Gulf Region. For a review of previous UK FCDO supported activities please read a) UK Foreign, Commonwealth & Development Office funds Shadowserver surge in Africa and Indo-Pacific regions, b) Continuing Our Africa and Indo-Pacific Regional Outreach, c) More Free Cyber Threat Intelligence For National CSIRTs and d) Shadowserver’s New Public Dashboard.
Observations on cyber threat activity and vulnerabilities in Indonesia, Malaysia, Philippines and Thailand
May 30, 2023
Shadowserver has recently been funded by the UK Foreign, Commonwealth & Development Office (FCDO) to provide more detailed and tailored cyber threat insight support to countries in the Association of Southeast Asia Nations (ASEAN), specifically Indonesia, Malaysia, Philippines and Thailand. These activities included obtaining a better understanding of the device makeup of the exposed attack surface in those countries, vulnerability exposure (especially relating to emerging threats) and observed attacks/infected devices - coming both from and directed at the region. The intention is to enrich Shadowserver's free daily threat feeds and public benefit services to the region, providing National CSIRTs and other system defender entities (organizations that are network owners) with a better awareness of their threat and vulnerability landscape, thus helping them to improve their cybersecurity posture.
UK/US Joint Announcements Remind Us That Un-Remediated Vulnerabilities Snowball
April 20, 2023
The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on nation-state sponsored exploitation of router infrastructure. The alert calls out SNMP public exposure and one vulnerability in particular - CVE-2017-6742 - which relates to a long known “remote code execution” opportunity on certain Cisco routers. This alert is a timely reminder for all with unpatched equipment to think broadly! We use this opportunity to highlight our data and free daily reports that provide information on the SNMP and Cisco device exposed attack surface (and more!).
New Dashboard Attack Statistics Enhancements
April 3, 2023
We are happy to announce multiple enhancements to our public Dashboard, particularly to the Exploited Vulnerability data collected by our server-side honeypot sensors, thanks to funding provided by the UK Foreign Commonwealth and Development Office (FCDO).