top of page

MSS News: Today's Daily Report

Last Updated: 11:04AM EST

Recent Security News

Supreme Court Rules cell phone tower searches require warrant

The Supreme Court has ruled that cell phone tower searches require warrant. An earlier blog post covers this item.

Recent Security Events

EvilOSX has been observed attacking MAC systems

These attacks are being carried out using python based scripts which are easily detected. Event: 28763

VPNFilter Telnet Scans

Jigsaw Advanced Network Protection continues to see large amounts of VPNFilter activity. These attacks have been ongoing for several weeks and account for 80% of the IDS traffic we are observing on our distributed sensors. Customers using the Jigsaw Security protection model, FirstWatch sensor and secure Internet gateway are not vulnerable to this attack. The biggest offender continues to be 209.141.57[.]203 which has been observed at nearly every Jigsaw customer site attempting to exploit the VPNFilter vulnerabilities. Many consumer level edge devices are vulnerable to this attack. We have included the vulnerable device list below for your reference.

One change is that this host is now observed doing VPNFilter, Remote Code Execution as well as Netcor Router Backdoors which shows that the activity of this threat actor has expanded from what was originally observed. Event: 28752

Vulnerable Devices:

LinkSys: E1200, E2500 and WRVS4400N

Mikrotik Routers: 1016, 1036, 1072

Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000

QNap Devices: TS251, TS439 Pro, QNap NAS devices running QTS

TP-LINK Devices: R600VPN

Uptick in Activity of Jigsaw Domain Threat Feed

We are seeing an uptick in the number of blacklisted domains due to some email based attacks. We are just posting for awareness.

Necurs Botnet Activity

In addition to VPNFilter we are also seeing Necurs botnet activity. Event: 28766

6 views0 comments
bottom of page