Oddbean new post about | logout
Kevin Beaumont | 1 years ago (raw) | export | reply | flag 
 An org hit by ransomware is telling me the threat actor got in via WS_FTP, for infos, so you might want to prioritise patching that. #threatintel
Catalin Cimpanu | 1 years ago (raw) | root | parent | reply | flag 
 @f7d0478e Only a few days ago people were ridiculing this vulnerability because there were "only 550 servers" connected online. Looks like ransomware gangs didn't give a shit about the infosec community's opinions once again.
6d268370 | 1 years ago (raw) | root | parent | reply | flag 
 @f7d0478e Next they will be releasing vulnerabilities for mIRC and Mirabelis ICQ
Kevin Beaumont | 1 years ago (raw) | root | parent | reply | flag 
 The ransomware group targeting WS_FTP are targeting the web version.  Shodan search: html:"WS_FTP"

Add ssl:yourorg.domain to narrow down your assets, e.g.

https://cyberplace.social/system/media_attachments/files/111/171/185/724/021/253/original/b4fdb387e8b1ff57.png