GossiTheDog, 3 months ago Two days ago, mass exploitation of Cisco AnyConnect CVE-2020-3580 began, per @greynoise data. It’s another Positive Technologies vuln. SAML auth requests. 77 IP addresses are hammering the internet now. https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22 This isn’t to be confused with the other 2020 AnyConnect CVE being used by Akira ransomware group. There are now three Cisco ASA vulns being used by Akira and Lockbit. #threatintel
Two days ago, mass exploitation of Cisco AnyConnect CVE-2020-3580 began, per @greynoise data. It’s another Positive Technologies vuln. SAML auth requests.
77 IP addresses are hammering the internet now. https://viz.greynoise.io/query?gnql=tags%3A%22Cisco%20ASA%20XSS%20Attempt%22
This isn’t to be confused with the other 2020 AnyConnect CVE being used by Akira ransomware group.
There are now three Cisco ASA vulns being used by Akira and Lockbit. #threatintel
