Additional info on Netscaler bruteforce if it helps anybody:
- It started in late November and is targeting orgs worldwide
- Usernames are scraped from LinkedIn profiles, the same technique as the Cisco AnyConnect bruteforce activity all year
- A cybersecurity vendor has linked it to two CVEs from November, which a number of media outlets have run as fact. It’s false - those CVEs are not used at all.
- User agent is a Python one
- In terms of actionable defence, enable MFA. If you haven’t: