Kryptos Logic
@kryptoslogic
Los Angeles, CA
Joined May 2017
Following up on our last analysis of Trickbot's web inject module we are now publishing a deep dive into the module: https://t.co/kCJeP4vcWw
kryptoslogic.com
Overview TrickBot, a modular trojan, has been active in the malware scene since 2016. It is famously known for having a variety of modules in its attack toolkit, some of which are quite recent and...
Telltale now has data on the Log4j 2 (CVE-2021-44228) vulnerability, over the coming days this data will expand as we find new ways to scan for this complex attack surface. CERTs and Orgs with their assets added will see data in real time as we find it. https://t.co/Am1pbVIO4W
We're hiring! Come join our growing threat research team developing new and interesting capabilities to automate analysis of threats and help improve the victim discovery/notification process. https://t.co/8cxl2ONnzQ
We've just scanned for CVE-2021-41773 and found at least 12,000 vulnerable hosts on the internet, likely more out there. Make sure you patch! The list of vulnerable hosts has been loaded into Telltale ( https://t.co/caXU7r95M8).
We observed changes to AnchorDNS & an interesting new component - read more about it here: https://t.co/W18hnQsQPa
kryptoslogic.com
Overview AnchorDNS is a backdoor used by the TrickBot actors to target selected high value victims. It has been seen delivered by both TrickBot and Bazar1 malware campaigns2. AnchorDNS is particula...
We recently discovered some changes TrickBot made to their webinjects module, read about our finding here:
kryptoslogic.com
Overview TrickBot is an established and widespread multi-purpose trojan. Active since 2016 and modular in nature, it can accomplish a variety of goals ranging from credential theft to lateral...
ProxyLogon stats: 250k unique IPs scanned, 29796 vulnerable, 97827 shells across 15150 unique IPs. This data has been loaded into Telltale ( https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Out of the 237496 exchange servers we just scanned, 31454 were vulnerable to ProxyLogon/CVE-2021-26855. This list has been loaded into Telltale ( https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Second run of yesterday's Special Report containing data from a later (2021-03-14 23:30:00 UTC) run of @kryptoslogic's potentially vulnerable MS #Exchange server Internet-wide scan just sent out. Increases data from 59142 to 73555 unique IPs, in 6501 to 7254 ASNs, 211 to 212 geos
Another Special Report just sent, using Internet-wide scan data to detect vulnerable MS Exchange servers from @kryptoslogic (hat tip!). Blog provides a comparison of coverage between that and our previous Special Report: https://t.co/ViaZmmsihC Report: https://t.co/dqDqxVQShJ
Special Report just re-run containing updated data on web shells dropped on compromised MS #Exchange servers, again courtesy of @kryptoslogic. 2021-03-15 edition covers 22731 easily found web shells exposed on 20437 unique IP addresses - all requiring urgent remediation
With many un-patched MS #Exchange Servers still being rapidly compromised, we have partnered with @kryptoslogic to provide another Special Report covering 6720 exposed webshells that could be used to deploy ransomware, etc. Please remediate urgently! https://t.co/Ya6AqhEljY
We just finished another scan for webshells. This time we looked at double the number of paths and found 22731 shells across 12861 unique source IPs. This list has been loaded into Telltale ( https://t.co/DSlRPzD6SZ).
Out of the 231084 exchange servers we just scanned, 62018 were vulnerable to ProxyLogon/CVE-2021-26855. Once again this list has been loaded into Telltale ( https://t.co/caXU7rqHaI). Please patch and run Microsoft's MSERT tool to clean up any webshells
Over the next few days we'll be fine-tuning our scanning and gathering more data - we think there's probably a bunch more based on other people's data but this is what we have tonight. 2/2
We've just loaded ~60k IPs into Telltale ( https://t.co/caXU7rqHaI) which we've found vulnerable to ProxyLogon/CVE-2021-26855 - this is being exploited in the wild - please patch and run Microsoft's MSERT tool to look for signs of compromise. We suspect there are more than 60k 1/2
We've just discovered 6970 exposed webshells which are publicly exposed and were placed by actors exploiting the Exchange vulnerability. These shells are being used to deploy ransomware. If you're signed up to Telltale ( https://t.co/caXU7rqHaI) you can check you're not affected
We came across a new Trickbot module used for network reconnaissance - read more here: https://t.co/UvUGyubGFB
kryptoslogic.com
Overview Active since 2016, TrickBot is one of the most prevalent modular banking trojans. The botnet’s modules carry out objectives such as credential harvesting, propagating via the network, web...
As a result of the law enforcement takedown of Emotet we're able to distribute alerts to victims via our platform: https://t.co/Am1pbVIO4W Read more about the takedown here: https://t.co/ELK7CBQhfq
europol.europa.eu
Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in...