News & Insights

Observations on cyber threat activity and vulnerabilities in the Gulf Region

May 31, 2023
We are happy to continue our efforts in collaboration with the UK FCDO, building on our previous global outreach to Africa, Indo-Pacific, Central and Eastern Europe (CEEC), and Association of Southeast Asia Nations (ASEAN) regions to produce a cyber security spotlight on the Gulf Region. For a review of previous UK FCDO supported activities please read a) UK Foreign, Commonwealth & Development Office funds Shadowserver surge in Africa and Indo-Pacific regions, b) Continuing Our Africa and Indo-Pacific Regional Outreach, c) More Free Cyber Threat Intelligence For National CSIRTs and d) Shadowserver’s New Public Dashboard.

Observations on cyber threat activity and vulnerabilities in Indonesia, Malaysia, Philippines and Thailand

May 30, 2023
Shadowserver has recently been funded by the UK Foreign, Commonwealth & Development Office (FCDO) to provide more detailed and tailored cyber threat insight support to countries in the Association of Southeast Asia Nations (ASEAN), specifically Indonesia, Malaysia, Philippines and Thailand. These activities included obtaining a better understanding of the device makeup of the exposed attack surface in those countries, vulnerability exposure (especially relating to emerging threats) and observed attacks/infected devices - coming both from and directed at the region. The intention is to enrich Shadowserver's free daily threat feeds and public benefit services to the region, providing National CSIRTs and other system defender entities (organizations that are network owners) with a better awareness of their threat and vulnerability landscape, thus helping them to improve their cybersecurity posture.

UK/US Joint Announcements Remind Us That Un-Remediated Vulnerabilities Snowball

April 20, 2023
The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on nation-state sponsored exploitation of router infrastructure. The alert calls out SNMP public exposure and one vulnerability in particular - CVE-2017-6742 - which relates to a long known “remote code execution” opportunity on certain Cisco routers. This alert is a timely reminder for all with unpatched equipment to think broadly! We use this opportunity to highlight our data and free daily reports that provide information on the SNMP and Cisco device exposed attack surface (and more!).

New Dashboard Attack Statistics Enhancements

April 3, 2023
We are happy to announce multiple enhancements to our public Dashboard, particularly to the Exploited Vulnerability data collected by our server-side honeypot sensors, thanks to funding provided by the UK Foreign Commonwealth and Development Office (FCDO).

Craig Newmark Makes $500,000 Grant to Shadowserver

March 30, 2023
The Shadowserver Foundation is grateful for the continued support and generosity of craigslist founder, Craig Newmark. Earlier this month, Craig Newmark provided Shadowserver with a substantial donation of $500,000.

Shadowserver Alliance Launch

October 4, 2022
The Shadowserver Foundation today launched its new Alliance to Continue to Build a Safer, More Secure Internet. The new Shadowserver Alliance partner program will accelerate growth and scale up delivery of no cost cybersecurity and cyber threat intelligence services to internet defender organizations and law enforcement. The Alliance represents a significant expansion to Shadowserver's freely provided internet security services and enables partners, including some of the world’s most trusted organizations such as Mastercard, Craig Newmark Philanthropies, Avast, Trend Micro and Akamai, to aid its mission to create a safer, more secure Internet. The Shadowserver Alliance is actively seeking new partners to join us now in the next phase of our journey. As a strong community, we can continue to raise the bar on global cyber security together.

New Dashboard Extensions: IoT device fingerprinting and attack statistics

September 30, 2022
We are happy to announce the first major extension to our newly launched Dashboard - the addition of IoT device statistics and server-side attack statistics, data sets that have been collected as part of the HaDEA EU CEF VARIoT project.

Shadowserver’s New Public Dashboard

September 6, 2022
After many years of not having public interface for exploring our extensive cyber threat intelligence data sets, Shadowserver are very excited to make available our new public Dashboard, kindly funded by the UK FCDO. Use our Dashboard to dig into two years of aggregated country level data about many different type of threats, including some unique data sets and vantage points, then visualize the data in various ways that can be easily shared via URLs. Free to use (with attribution) for research, informing policy makers and by journalists/news media in educating the public about cyber security threats.

Thanking Our Supporters

August 17, 2022
Publicly thanking all of the generous individuals and organizations who kindly provided financial support to The Shadowserver Foundation during 2020-2022, thereby enabling us to continue providing free, timely, actionable cyber threat Intelligence that raises the bar on Internet security for everyone. We could not continue to serve the Internet defender community without your vision, leadership and generosity. We look forward to continuing to work with you and others who believe in an open, secure, resilient Internet for all, through our soon-to-be-announced Shadowserver Alliance.

Hello IPv6 Scanning World!

July 14, 2022
In the last few months, Shadowserver has been systematically rolling out IPv6 scanning of services. We chose to conduct our scanning based on hitlists of IPv6 addresses observed being used in the wild, maintaining up to 1 billion unique IPv6 addresses on the hitlist at any one time. We currently scan 9 different services (11 ports) uncovering over 120 million active services by unique IPv6 daily.