CyberSeeker

@CyberSeeker@discuss.tchncs.de

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Cyber-crew claims it cracked American cableco, releases terrible music video to prove it⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Sigh, clickbait at its finest, why else would we click
⁨Comment⁩ on ⁨SEIM⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I would look at CISA’s Logging Made Easy project, which is based on Wazuh.

github.com/cisagov/LME
⁨Comment⁩ on ⁨What is your best isekai anime?⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Re:Zero, Konosuba, Overworld, and That Time I Got Reincarnated as a Slime are some of the best, alongside SAO which started the modern version of the genre.
⁨Comment⁩ on ⁨Thousands of Linux systems infected by stealthy malware since 2021⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
Shouldn’t be this hard to find out the attack vector.

Buried deep, deep in their writeup:

RocketMQ servers
- CVE-2021-4043 (Polkit)
- CVE-2023-33246
I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.

Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.