Thibault 'bui' Koechlin @SecBui

Log into first new dedi in a long time. Journalctl -f go brr. Install crowdsec. Logs quiet.

(🧵Thread) Breaking threat alert from DigitalOcean and Microsoft Azure! Mass exploitation campaign detected by actor codenamed Goofy Khaki Flamecrest. Find out about the 4 key events that characterized the campaign 👇 On the 15th of April, we detected a coordinated exploitation effort that included over 1,300 machines at its peak. The machines were small to medium-sized VPCs in public clouds such as Microsoft Azure and DigitalOcean. Using our comprehensive threat intelligence data, we were able to get a clear view of the exploitation campaign. (🧵1/4)

👾 Introducing the CrowdSec VulnTracking Report! 👾 Stay ahead of threats with our new monthly series, delivering key insights into trending CVEs and exploitation attempts.  For March, we added detection for 34 vulnerabilities and/or exploits to our database. What we noticed:  • There is a noticeable gap between media hype and actual attacker interest in certain CVEs. • Surprisingly, older vulnerabilities like CVE-2021-43798 and CVE-2019-17538 are making a comeback, attracting significant malicious activity.  Want the full breakdown? Read the report: crowdsec.net/blog/vulntrack…

Have you tried the CrowdSec Remediation Component for Apache yet?  This powerful component integrates seamlessly with Apache’s module mechanism to block malicious IPs, keeping your infrastructure secure and protected against threats, before they hit. 🛡️ Ready to get started? You can check out the documentation here: docs.crowdsec.net/u/bouncers/apa… It is still in the beta phase, so any feedback or bugs you find please share them on GitHub: github.com/crowdsecurity/… #Apache #Cybersecurity

🚨 CVE-2024-27292 exploitation campaign detected! (thread) What is the CVE-2024-27292 vulnerability? CVE-2024-27292 is a path traversal vulnerability in Docassemble. It allows unauthenticated attackers to access arbitrary files, such as /etc/passwd via specially crafted URL parameters. The root cause is improper sanitization of user-supplied inputs, making it possible for attackers to probe system-level files. Over the past few days, CrowdSec telemetry has identified a significant and accelerating wave of exploit attempts targeting the URI pattern: /interview?i=/etc/passwd. Docassembe is a free, open source expert system for guided interviews and document assembly, based on Python, YAML, and Markdown. This pattern aligns with an exploit attempt for CVE-2024-27292, a vulnerability disclosed in late 2024 affecting Docassemble (v1.4.53 to v1.4.96).

🚀 Congrats to the Pangolin team on v1.0.0! 🎉 This self-hosted reverse proxy securely exposes private resources without open ports, now with CrowdSec integration for added security! 🔒✨ Check it out 👉 github.com/fosrl/pangolin

🚀 Exciting to see Traefik featured in LRVT's Security Blog! 🛡️ The post highlights how #Traefik utilizes #CrowdSec and its Cyber Threat Intelligence (CTI) to ban malicious threat actors probing our exposed HTTP services in a collaborative manner. hubs.ly/Q030ww6H0

Say hello to our 3 newest Crowdsec ambassadors, dedicated community members who are advancing our CrowdSec mission and strengthening the collaborative cybersecurity community: @flaviuvlaicu Haneef Haroon Killian Prin-Abeil Apply to become an ambassador- hubs.ly/Q033JvtM0

🚀 If you're looking for a new year's goal, why not become a CrowdSec Ambassador and make the internet safer together?! Share your knowledge, represent #CrowdSec, and earn rewards for your contributions. Let’s build a safer future together! Apply now:👉 hubs.ly/Q031fml_0

crowdsec.net/blog/post-expl…

CrowdSec Security Engine imported in OpenBSD ports tree - Port maintained by Robert Nagy - cc @Crowd_Security #Infosec #OpenBSD github.com/openbsd/ports/…

Big announcement! We are introducing the #CrowdSec Guide to Cost-Effective Security Operations! Available to download now! This resource is designed to help security teams and decision-makers achieve operational excellence without breaking the budget-hubs.ly/Q02-Vs900

#CrowdSec Security Engine 1.6.3 is out! 🎉 What may look like a minor release is in fact packed with important updates and several improvements. Check out the v.1.6.3 release notes for all the juicy details! hubs.ly/Q02QLpkL0 #cybersecurity #securityengine

Always love when FOSS moves fast. Shoutout to the guys of github.com/wasilibs/go-re2 for merging and releasing overnight! 1.6.3 release for Windows is now fixed (cf. github.com/wasilibs/go-re…)

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

@OlivLiliv doc.crowdsec.net/u/troubleshoot… "Do not use cscli explain on big log files, as this command will buffer a lot of information in memory to achieve this. If you want to check crowdsec's behaviour on big log files, please see replay mode." On devrait rendre le warning plus explicite :)

@OlivLiliv @aderumier Par défaut c'est ~365 jours, pas sur que ce soit ça!

@OlivLiliv @aderumier Hello, n’hésite pas a passer sur discord.gg/crowdsec pour obtenir de l'aide, ça semble bizarre :)

The recent exploit for D-Link NAS devices #CVE20243273 is being used aggressively by botnets hijacking IoT devices. See the information gathered by the CrowdSec Network on the endpoints targeted, payloads used, and IoCs for the most extreme attackers. hubs.ly/Q02wFd5D0