Tech CEO Sentenced to 5 Years in IP Address Scheme
Amir Golestan, the 40-year-old CEO of the Charleston, S.C.-based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,00...
hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization
A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries (RIRs): ARIN (North America), RIPE (Europe/Asia/Middle East)...
Tech CEO Pleads to Wire Fraud in IP Address Scheme
The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in...
Server-Side Request Forgery in private-ip
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
CVE-2020-28360
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
CVE-2020-28360
CVE-2020-28360 describes an SSRF vulnerability in the npm package private-ip (versions 1.0.5 and earlier). The root cause is an insufficient RegEx filter for reserved IP ranges, allowing an attacker to craft requests to ARIN/other reserved ranges, which can lead to remote server-side resource req...
Frenchbread Private-ip Code Issue Vulnerability
Frenchbread Private-ip is a JavaScript library by the individual developer Frenchbread for checking whether an IP address is private. A security vulnerability exists in the Frenchbread Private-ip package prior to v1.0.5 that stems from regular expressions that are insufficient to adequately filter the reserved IP ranges, resulti...
The Now-Defunct Firms Behind 8chan, QAnon
Some of the world's largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have...
uh-oh! North America Runs Completely Out of IPv4 Internet Addresses
Two months ago, THN reported about a similar announcement made by The American Registry for Internet Numbers (ARIN), which said that the agency is no longer able to produce IPv4 addresses in North America. Within a time frame of a few months, ARIN, which handles Internet addresses in America, has...
North America Runs Out of IPv4 Addresses
The Internet is running out of IPv4 (Internet Protocol version 4) addresses — a computer’s unique address on the Internet. It’s just become harder to get IPv4 addresses. IPv4 Exhaustion Gets Real. Is this the end of IPv4 addresses? Finally, North America ran out of IPv4 addresses and officially...
Attackers Buying Own Data Centers for Botnets, Spam
The malware writers and criminals who run botnets have for years been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the...