Rich Freeman via plug on 19 Aug 2020 08:31:41 -0700
Re: [PLUG] ssh botnet
On Wed, Aug 19, 2020 at 10:09 AM jeff via plug <plug@lists.phillylinux.org> wrote:
>
> New P2P botnet infects SSH servers all over the world
> https://arstechnica.com/information-technology/2020/08/new-p2p-botnet-infects-ssh-servers-all-over-the-world/
> Detection script at: https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog

It seems pretty specific to this botnet and not the underlying issues. It wasn't clear whether this actually exploits anything - this is more of a new payload. My guess is that it is just brute-forcing passwords to spread, or leveraging credentials it finds. Obviously it is best to disable passwords or add 2FA if you have to use them.

> Researchers detail bug in wireless devices impacting critical sectors
> https://www.bleepingcomputer.com/news/security/researchers-detail-bug-in-wireless-devices-impacting-critical-sectors/
> 'Thales' units
> CVE-2020-15858

Didn't read all the gory details yet, but I do find it amusing that the Hayes modem command set is still a thing.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
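
The advice in the message above (disable passwords, or add 2FA if they must stay) can be checked against a server's effective sshd settings. This is an added example, not part of the original message or of the linked detection script; it reads text in the `keyword value` form that `sshd -T` prints, and the function names and sample configurations are constructed for illustration.

```python
# Added example: find password-only login paths in `sshd -T` style output.
# Maps each password-type method to the keyword that enables it.
PASSWORD_METHODS = {
    "password": "passwordauthentication",
    "keyboard-interactive": "kbdinteractiveauthentication",
}

def parse_effective_config(text):
    """Parse lowercase 'keyword value' lines into a dict (first value wins)."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            cfg.setdefault(key.lower(), value.strip())
    return cfg

def enabled(cfg, method):
    # A missing keyword is treated as enabled, the conservative assumption.
    return cfg.get(PASSWORD_METHODS[method], "yes") == "yes"

def password_only_paths(cfg):
    """Return password-type methods that are sufficient on their own."""
    paths = set()
    # Space-separated lists are alternatives; commas join required methods.
    for alt in cfg.get("authenticationmethods", "any").split():
        if alt == "any":
            paths.update(m for m in PASSWORD_METHODS if enabled(cfg, m))
            continue
        methods = [m.split(":")[0] for m in alt.split(",")]
        if len(methods) == 1 and methods[0] in PASSWORD_METHODS:
            if enabled(cfg, methods[0]):
                paths.add(methods[0])
    return sorted(paths)

# Constructed sample configurations, not taken from any real host.
SAMPLES = {
    "defaults": "passwordauthentication yes\nkbdinteractiveauthentication no\nauthenticationmethods any",
    "half_fixed": "passwordauthentication no\nkbdinteractiveauthentication yes\nusepam yes\nauthenticationmethods any",
    "keys_only": "passwordauthentication no\nkbdinteractiveauthentication no\nauthenticationmethods any",
    "key_plus_otp": "passwordauthentication no\nkbdinteractiveauthentication yes\nusepam yes\nauthenticationmethods publickey,keyboard-interactive",
}

def audit(samples=SAMPLES):
    return {name: password_only_paths(parse_effective_config(text)) for name, text in samples.items()}

if __name__ == "__main__":
    for name, paths in audit().items():
        print(f"{name}: {'password-only login via ' + ', '.join(paths) if paths else 'no password-only path'}")
```

The `half_fixed` sample shows why turning off `PasswordAuthentication` alone is not enough: keyboard-interactive through PAM can still accept a password unless it is disabled or paired with a key in `AuthenticationMethods`.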