Webmin Vulnerability and Port Scanning Activity

The Webmin website states, "Webmin is a web-based interface for system administration for Unix." Many hosting providers offer Webmin administration with their Virtual Private Servers. Recently, a presentation revealed backdoor code injected into the source for Webmin. According to a Hacker News story published August 20: "The story started when Turkish researcher Özkan Mustafa Akkuş...

Top 10 TCP Ports for Border Policy Review

Information Security guidance sometimes strikes practitioners as impractical. Many of us have more on our 'to do' list than we ever will complete. With that in mind, we put together our list of the Top 10 TCP Ports for Border Policy Review. Here, we use global counts of open ports and known security impacts to...

Coping with Scanners

It can be argued that there is no unwanted traffic on the Internet; even scans and DDoS are wanted, usually outbound, by the miscreants running them. However, there is a lot of Internet traffic we good folks don't want, either because it consumes our links, or it shows up in query results and clouds our...

Unmasking AVE_MARIA

Several public reports[1][2] of a malware family often referred to as AVE_MARIA were made in January 2019. Yoroi, an Internet research company, says the malware sample analyzed for their report[2] contains "AVE_MARIA", and uses that string as a "hello message" for the malware controller. Also, in a Twitter thread[3] about similar malware, a researcher asked...

August 5 – 8, 2019: BlackHat USA

Team Cymru is coming to BlackHat 2019! Come meet Jeff Vosburg, David Monnier, Steve Santorelli, Jim Skidmore, Courtney Auchter, Scott Fisher, and Tiffany Ostrowski. Stop by our hospitality suite at MGM to find out what we have been up to lately and see a demo of our flagship product offering: Augury. We'll be happy to...
