Profile picture
Bad Packets Report
@bad_packets
, 4 tweets, 4 min read Read on Twitter
Our honeypots recently detected opportunistic scanning activity targeting Cisco RV320/RV325 routers. A vulnerability exists in these routers that allow remote unauthenticated users to obtain the device's admin credentials – leading to RCE.
badpackets.net/over-9000-cisc…
Using data provided by @binaryedgeio, we've scanned 15,309 unique IPv4 hosts and determined a total of 9,657 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653.

This interactive map shows the total vulnerable hosts found per country:
docs.google.com/spreadsheets/d…
Due to the sensitive nature of this vulnerability, the IP addresses of affected routers won't be published publicly. We’ve shared our findings directly with Cisco PSIRT and @USCERT_gov for further investigation and remediation.
In addition, we've shared our findings with:
@CERT_at
@certbe
@circl_lu
@clcert
@CSAsingapore
@cybercentre_ca
@CyberGovAU
@ncsc_nl
Z-CERT.nl
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Bad Packets Report
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @bad_packets see all

Profile picture
Bad Packets Report
@bad_packets
Tor Browser not required for this shop.
Read 6 tweets
Profile picture
Bad Packets Report
@bad_packets
#Coinhive found on the website of the San Diego Zoo (@sandiegozoo) in the latest high-profile case of #cryptojacking.
How did it get there? @ninoseki shares the details here:
As for why did it happen, we can clearly see the site is running an outdated (vulnerable) version of #Drupal.
Read 10 tweets
Profile picture
Bad Packets Report
@bad_packets
If you run a @Google phishing site and use @letsencrypt, make sure to use Certbot to keep the SSL cert updated automatically.

#WednesdayWisdom
Looking good here!
Oops, forgot to add the SAN!
Read 14 tweets

Related threads

Profile picture
Jennifer Cohn
@jennycohn1
Dear @marceelias, @senbillnelson, & @andrewgillum:

Thank you for fighting to ensure that votes were counted as cast in your respective races. As an election integrity advocate, writer, and attorney, I wanted to share some facts with you that I believe warrant a motion... 1/
... to enjoin certification of results before a full manual recount of all paper ballots (not just the under and over-votes) is conducted. I provide links to the sources for all such facts within and/or at the end of this Thread. 2/
First, starting in 2015, Florida became one of a small number of states to allow voting machine vendor ES&S to install cellular modems in its DS200 precinct scanners, which are used throughout the state of Florida. 3/
Read 38 tweets
Profile picture
Susanne
@susannehusebo
Help me make a list of things that work really well when you have a #remote team?

👇
It’s not that one person who is remote. The whole team is remote. Treat inteactions that way.
When you dial in to calls, make sure you’re well lit from the front. You’re not a witness in a criminal case.
Read 12 tweets
Profile picture
ℓʋℓʋ ℓɛ ℓɛts DO THIS! 💙#VOTEBLUE 💙
@LuluLemew
Report: Feds Have Logged Over 160 Attempts to Hack the Midterms Since August thebea.st/2D1JXgm?source… via @thedailybeast
Hackers have stepped up their attempts to disrupt Tuesday’s midterm elections by targeting voter registration databases, election officials, and networks throughout the U.S., the Boston Globe reports.
Citing intelligence documents, the report states the Department of Homeland Security has launched a raft of investigations into the interference that has so far had “limited success.”
Read 26 tweets
Profile picture
Phil Freo
@philfreo
Let's talk ENGINEERING HIRING (especially for startups, and #remote)

I’ve been hiring on small startup eng teams for the past 8 years (most recently grown @Closeio's eng team from 2 to 14, before that at @quizlet).

👇Here's a thread with some mistakes & hard lessons learned...
Hiring is always hard. It does get easier over time, but it's always something you have to work super hard at. If you're not ready to put in really hard work, you won't be successful hiring.

Don't hire too early! Why not?
1. 😩 Hiring is hard & slow. Skip it as long as you can.
2. 💸 People cost $$$
3. ✅ Do the job yourself first. You'll be better at hiring for the role once you have.
4. 🚀 Small team = fast & nimble
Read 29 tweets
Profile picture
Jennifer Cohn
@jennycohn1
Thread. "Kris Kobach, Kansas’s top election official, recently declared victory in the highly publicized Republican gubernatorial primary in Kansas, surpassing his opponent (sitting Gov. Jeff Colyer) by about 300 votes." via @tytinvestigates tytnetwork.com/2018/08/17/kob… 1/
2/ "At 9 p.m. on August 7, election day, with 10 of Johnson County’s precincts reporting (and just one other, smaller county left to report), Colyer led Kobach by 44 votes in the state and by 13 percent in the county."
3/ "But at 9:07 p.m., a reporter for the Kansas City Star posted that Johnson County would not display further results for at least two hours due to a 'computer glitch.'"
Read 62 tweets
Profile picture
Michael Kimani
@pesa_africa
Approximately five days ago, bitcoin miner and ASIC chips creator, Bitmain, invested $50 million in Opera Browser

Let me tell you why i think this matters /thread
One of the best bitcoin cryptocurrency adoption applications/service in Kenya was Bitpesa in 2014

Simple model, exchange your mobile money mpesa o your prepaid wallet into bitcoin. In and out

Mpesa --> Bitcoin
Bitcoin --> Mpesa

Great service! 1/
Kenyans today have never really had the feel of such a service. B/c Bitpesa got shut out from Mpesa platform in December 2015.

Pre 2017, crypto adoption/awareness/buzz was lower compared vs today. Price bubble 2017 roped in more attention

Here is a weekly volume chart chart 2/
Read 93 tweets

Trending hashtags

#NRA #Vice #flowers #C59 #VoteBlueForTheBabies #IndianOcean #design #Skolkovo #water #CISCO #Dinar #suspensions #nanoparticles #watching #Europe #Zensur #SouthPacific #TraitorFile #Friend #SCIDA #CarKeys #remote #Oceania #RussiaRussiaRussia #Honeywell
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!