Huge thanks to Kryptos Logic for our new #GO bindings! 🥳 github.com/kryptoslogic/u…

Faster Poly1305 key multicollisions kryptoslogic.com/blog/2021/01/f…

As a result of the law enforcement takedown of Emotet we're able to distribute alerts to victims via our platform: telltale.kryptoslogic.com Read more about the takedown here: europol.europa.eu/newsroom/news/…

We came across a new Trickbot module used for network reconnaissance - read more here: kryptoslogic.com/blog/2021/02/t…

We've just discovered 6970 exposed webshells which are publicly exposed and were placed by actors exploiting the Exchange vulnerability. These shells are being used to deploy ransomware. If you're signed up to Telltale (telltale.kryptoslogic.com) you can check you're not affected

With many un-patched MS #Exchange Servers still being rapidly compromised, we have partnered with Kryptos Logic to provide another Special Report covering 6720 exposed webshells that could be used to deploy ransomware, etc. Please remediate urgently! shadowserver.org/news/shadowser…

Out of the 231084 exchange servers we just scanned, 62018 were vulnerable to ProxyLogon/CVE-2021-26855. Once again this list has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells

We just finished another scan for webshells. This time we looked at double the number of paths and found 22731 shells across 12861 unique source IPs. This list has been loaded into Telltale (telltale.kryptoslogic.com).

Second run of yesterday's Special Report containing data from a later (2021-03-14 23:30:00 UTC) run of Kryptos Logic's potentially vulnerable MS #Exchange server Internet-wide scan just sent out. Increases data from 59142 to 73555 unique IPs, in 6501 to 7254 ASNS, 211 to 212 geos

Special Report just re-run containing updated data on web shells dropped on compromised MS #Exchange servers, again courtesy of Kryptos Logic. 2021-03-15 edition covers 22731 easily found web shells exposed on 20437 unique IP addresses - all requiring urgent remediation

Out of the 237496 exchange servers we just scanned, 31454 were vulnerable to ProxyLogon/CVE-2021-26855. This list has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells

ProxyLogon stats: 250k uniq IPs scanned, 29796 vulnerable, 97827 shells across 15150 unique IPs. This data has been loaded into Telltale (telltale.kryptoslogic.com). Please patch and run Microsoft's MSERT tool to clean up any webshells

We recently discovered some changes TrickBot made to their webinjects module, read about our finding here: kryptoslogic.com/blog/2021/06/t…

We observed changes to AnchorDNS & an interesting new component - read more about it here: kryptoslogic.com/blog/2021/07/a…

We've just scanned for CVE-2021-41773 and found at least 12,000 vulnerable hosts on the internet, likely more out there. Make sure you patch! The list of vulnerable hosts has been loaded into Telltale (telltale.kryptoslogic.com).

We're hiring! Come join our growing threat research team developing new and interesting capabilities to automate analysis of threats and help improve the victim discovery/notification process. jobs.kryptoslogic.com/o/research-eng…

Telltale now has data on the Log4j 2 (CVE-2021-44228) vulnerability, over the coming days this data will expand as we find new ways to scan for this complex attack surface. CERTs and Orgs with their assets added will see data in real time as we find it. telltale.kryptoslogic.com

Following up on our last analysis of Trickbot's web inject module we are now publishing a deep dive into the module: kryptoslogic.com/blog/2022/01/d…