CyberSeeker
@CyberSeeker@discuss.tchncs.de
- Comment on Cyber-crew claims it cracked American cableco, releases terrible music video to prove it 1 week ago:
Sigh, clickbait at its finest, why else would we click
- Comment on SEIM 1 week ago:
I would look at CISA’s Logging Made Easy project, which is based on Wazuh.
- Comment on What is your best isekai anime? 4 months ago:
Re:Zero, Konosuba, Overworld, and That Time I Got Reincarnated as a Slime are some of the best, alongside SAO which started the modern version of the genre.
- Comment on Thousands of Linux systems infected by stealthy malware since 2021 5 months ago:
Shouldn’t be this hard to find out the attack vector.
Buried deep, deep in their writeup:
RocketMQ servers
- CVE-2021-4043 (Polkit)
- CVE-2023-33246
I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.
Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.