We regret to inform you that due to unforeseen network issues, Netlas.io is currently unavailable. Our team is actively working to resolve the issue and restore service as soon as possible. We apologize for any inconvenience caused and appreciate your patience and understanding. Stay tuned for updates. Thank you. π
π4π3π’2β€1
π We're back online! Everything's running smoothly. Our team's investigating to prevent future incidents like this. Thanks for your patience! π
π₯6π2πΎ1
Interface update π»
To separate the site menu and the application menu, a small visual update was released. In case you lost the ASD Tool after this, we inform you that it is now located on the top panel of the interface. You can see how to find it in the picture.
Good luck with your projects and thank you for using Netlas!
To separate the site menu and the application menu, a small visual update was released. In case you lost the ASD Tool after this, we inform you that it is now located on the top panel of the interface. You can see how to find it in the picture.
Good luck with your projects and thank you for using Netlas!
πΎ5β€2π1
How to find live cameras with Netlas - short cheatsheet π
A summary of one of our most popular articles in one picture. Traveling around the world through thousands of cameras - what could be more interesting? π
π Read more here: https://medium.com/osint-ambition/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f
A summary of one of our most popular articles in one picture. Traveling around the world through thousands of cameras - what could be more interesting? π
π Read more here: https://medium.com/osint-ambition/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f
β€5πΎ4π₯1
Fact: old SSL/TLS certificate threatens both the reputation of the website and the security of the data the user is working withβ
How to check the certificate for yourself or a contractor?
π Just use Netlas: https://app.netlas.io/certs/
How to check the certificate for yourself or a contractor?
π Just use Netlas: https://app.netlas.io/certs/
πΎ3β€1π1
CVE-2024-27198, -27199: Auth Bypass in JetBrains TeamCity, 9.8 rating π₯
The vulnerabilities may enable an attacker to bypass authentication checks and gain administrative permissions on the TeamCity server. Affected all versions through 2023.11.3!
Search at Netlas.io:
π Link: https://nt.ls/7DYva
π Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:"2023.11.3" NOT http.body:"2023.11.4"
Vendor's advisory: https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
The vulnerabilities may enable an attacker to bypass authentication checks and gain administrative permissions on the TeamCity server. Affected all versions through 2023.11.3!
Search at Netlas.io:
π Link: https://nt.ls/7DYva
π Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:"2023.11.3" NOT http.body:"2023.11.4"
Vendor's advisory: https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
πΎ5π₯3π2
Website update π₯
We have changed our website a little, and now you can find much more useful materials there, including use cases, links to our resources, and updated documentation.
ππ» Read new docs and guides: https://docs.netlas.io/
We have changed our website a little, and now you can find much more useful materials there, including use cases, links to our resources, and updated documentation.
ππ» Read new docs and guides: https://docs.netlas.io/
docs.netlas.io
Netlas Docs
Insights and detailed instructions on using the Netlas.io platform and development using Netlas API and SDK.
πΎ4π₯2π1
CVE-2024-21899, -21900, -21901: Improper Authentication and other in QNAP NAS, 4.3 - 9.8 rating π₯
Code injection, execution of arbitrary commands and, most interestingly, a vulnerability in the authentication that allows an attacker to compromise the entire system via network.
Search at Netlas.io:
ππ» Link: https://nt.ls/Wnycw
ππ» Dork: http.body_sha256:4a1815f3e87d6d623c22921d9c39b2de614351d71831976bbc807f571953ff21
Vendor's advisory: https://www.qnap.com/en/security-advisory/qsa-24-09
Code injection, execution of arbitrary commands and, most interestingly, a vulnerability in the authentication that allows an attacker to compromise the entire system via network.
Search at Netlas.io:
ππ» Link: https://nt.ls/Wnycw
ππ» Dork: http.body_sha256:4a1815f3e87d6d623c22921d9c39b2de614351d71831976bbc807f571953ff21
Vendor's advisory: https://www.qnap.com/en/security-advisory/qsa-24-09
π₯7πΎ2β€1π1
APSB24-05, APSB24-14: Multiple vulns in Adobe products, critical rating π₯
Two vulnerabilities from the new Adobe security bulletin, the exploitation of which will allow an attacker to achieve arbitrary file system read, code execution, and security feature bypass.
Search at Netlas.io:
ππ» Link: https://nt.ls/EEZn7
ππ» Dork: tag.name:"adobe_experience_manager" OR tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/security-bulletin.html
Two vulnerabilities from the new Adobe security bulletin, the exploitation of which will allow an attacker to achieve arbitrary file system read, code execution, and security feature bypass.
Search at Netlas.io:
ππ» Link: https://nt.ls/EEZn7
ππ» Dork: tag.name:"adobe_experience_manager" OR tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/security-bulletin.html
πΎ4π₯3β€2
CVE-2024-23334: Path Traversal in aiohttp Python lib, 7.5 ratingβ
An old vulnerability that has started to gain attention again recently. According to Cyble research, attackers have been scanning nodes with a vulnerable version of the library since the end of February. We recommend that everyone who uses it update immediately!
Search at Netlas.io:
π Link: https://nt.ls/lrzzv
π Dork: http.headers.server:"aiohttp"
Read more: https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
An old vulnerability that has started to gain attention again recently. According to Cyble research, attackers have been scanning nodes with a vulnerable version of the library since the end of February. We recommend that everyone who uses it update immediately!
Search at Netlas.io:
π Link: https://nt.ls/lrzzv
π Dork: http.headers.server:"aiohttp"
Read more: https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
πΎ5π₯3β€2π2
π§Planned update π§
The update will last 21.03.2024 from ~08:00 - 09:00 UTC β°, during which time the application will be unavailable.
Don't forget to save the results of your work before this.
The update will last 21.03.2024 from ~08:00 - 09:00 UTC β°, during which time the application will be unavailable.
Don't forget to save the results of your work before this.
πΎ3π2π1π₯1
Media is too big
VIEW IN TELEGRAM
Major Attack Surface Discovery Tool updateπ₯
New features:
- Grouping results;
- Group searches;
- Improved color segregation;
- Hiding excluded nodes;
- History tab;
and more.
π Read more: https://blog.netlas.io/major-update-for-attack-surface-discovery-tool-4ed4f1bc80fb
π Help topic: https://docs.netlas.io/easm/
π Try now: https://app.netlas.io/asd/
Come quickly and test the new functionality of Netlas! β¨
New features:
- Grouping results;
- Group searches;
- Improved color segregation;
- Hiding excluded nodes;
- History tab;
and more.
π Read more: https://blog.netlas.io/major-update-for-attack-surface-discovery-tool-4ed4f1bc80fb
π Help topic: https://docs.netlas.io/easm/
π Try now: https://app.netlas.io/asd/
Come quickly and test the new functionality of Netlas! β¨
π₯5πΎ3β€1π1
How to find industrial objects with Netlas.io? π
Short cheat sheet based on one of our articles. A few filters will allow you to make sure that nearby factories are protected.
π Read more about industrial devices search: https://medium.com/@netlas/searching-industrial-infrastructure-with-netlas-io-49c08ca519a2
Short cheat sheet based on one of our articles. A few filters will allow you to make sure that nearby factories are protected.
π Read more about industrial devices search: https://medium.com/@netlas/searching-industrial-infrastructure-with-netlas-io-49c08ca519a2
π₯5πΎ4π1
CVE-2024-21677: Path Traversal in Atlassian Confluence, 8.3 ratingβ
The vulnerability discovered during the Bug Bounty program allows an unauthenticated attacker to carry out actions that threaten the confidentiality and availability of the system. The patch has already been released.
Search at Netlas.io:
π Link: https://nt.ls/mghaY
π Dork: http.meta:"confluence-base-url"
Vendor's bulletin: https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html
The vulnerability discovered during the Bug Bounty program allows an unauthenticated attacker to carry out actions that threaten the confidentiality and availability of the system. The patch has already been released.
Search at Netlas.io:
π Link: https://nt.ls/mghaY
π Dork: http.meta:"confluence-base-url"
Vendor's bulletin: https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html
πΎ5β€3π₯3π1π1
CVE-2024-20767: Improper Access Control in Adobe ColdFusion, 8.2 ratingβοΈ
A new vulnerability in ColdFusion that allows an unauthenticated attacker to gain access to sensitive files. PoC is available!
Search at Netlas.io:
ππ» Link: https://nt.ls/jl0cW
ππ» Dork: tag.name:"adobe_coldfusion"
Vendor's bulletin: https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
A new vulnerability in ColdFusion that allows an unauthenticated attacker to gain access to sensitive files. PoC is available!
Search at Netlas.io:
ππ» Link: https://nt.ls/jl0cW
ππ» Dork: tag.name:"adobe_coldfusion"
Vendor's bulletin: https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
πΎ5β€4π₯2π1
CVE-2024-31136 and other: Multiple vulns in JetBrains TeamCity, 4.1 - 7.4 ratingβ
Seven new vulnerabilities in TeamCity: Improrer Validation, Neutralization and others. Install the patch quickly!
Search at Netlas.io:
π Link: https://nt.ls/HmnT2
π Dork: tag.name:"teamcity"
Vendor's advisories: https://www.jetbrains.com/privacy-security/issues-fixed/
Seven new vulnerabilities in TeamCity: Improrer Validation, Neutralization and others. Install the patch quickly!
Search at Netlas.io:
π Link: https://nt.ls/HmnT2
π Dork: tag.name:"teamcity"
Vendor's advisories: https://www.jetbrains.com/privacy-security/issues-fixed/
πΎ4π2π₯1
CVE-2024-2879: SQL injection in LayerSlider plugin for WordPress, 9.8 rating π₯
Plugin used on millions of websites had a feature that was vulnerable to blind SQL injection. If the vulnerability was successfully exploited, the attacker could gain access to any confidential information.
Search at Netlas.io:
π Link: https://nt.ls/8CmgD
π Dork: http.body:"plugins/layerslider"
Read more: https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/
Plugin used on millions of websites had a feature that was vulnerable to blind SQL injection. If the vulnerability was successfully exploited, the attacker could gain access to any confidential information.
Search at Netlas.io:
π Link: https://nt.ls/8CmgD
π Dork: http.body:"plugins/layerslider"
Read more: https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/
π₯6πΎ2
πΎ Netlas 0.23.1 update πΎ
π Two API endpoints added, one depricated
π API schema documentation updated
π Super annoying autocomplete bug fixed!
β We also noticed that Netlas is often used through a proxy without registration. To reduce the load on the servers, the number of requests available to unregistered users has been reduced to 10 β
Changelog: https://nt.ls/changelog
π Netlas Docs update π
π To learn more about the features of Netlas Search tools, read the recently published help topic: https://nt.ls/pPte1
π Details and examples of usage Netlas IP/Domain tool: https://nt.ls/wDuYN
π Two API endpoints added, one depricated
π API schema documentation updated
π Super annoying autocomplete bug fixed!
β We also noticed that Netlas is often used through a proxy without registration. To reduce the load on the servers, the number of requests available to unregistered users has been reduced to 10 β
Changelog: https://nt.ls/changelog
π Netlas Docs update π
π To learn more about the features of Netlas Search tools, read the recently published help topic: https://nt.ls/pPte1
π Details and examples of usage Netlas IP/Domain tool: https://nt.ls/wDuYN
π4πΎ3
CVE-2024-3273: RCE in D-Link NAS, 7.3 rating π₯
The vulnerability can be exploited due to a combination of two weaknesses: a hardcoded account and the ability to inject commands through the βsystemβ parameter. There are many devices affected that have reached the end of their lifespan.
According to GreyNoise, hackers are already carrying out attacks! π¨
Search at Netlas.io:
π Link: https://nt.ls/TyD6H
π Dork: http.body:"Text:In order to access the ShareCenter"
Read more: https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-92-000-d-link-nas-devices-now-exploited-in-attacks/
The vulnerability can be exploited due to a combination of two weaknesses: a hardcoded account and the ability to inject commands through the βsystemβ parameter. There are many devices affected that have reached the end of their lifespan.
According to GreyNoise, hackers are already carrying out attacks! π¨
Search at Netlas.io:
π Link: https://nt.ls/TyD6H
π Dork: http.body:"Text:In order to access the ShareCenter"
Read more: https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-92-000-d-link-nas-devices-now-exploited-in-attacks/
π₯4πΎ3π2
βοΈCookie consent updateβοΈ
To improve usability and functionality of the site, as well as in connection with new requirements from Google, we are changing the mechanism for obtaining cookie consent.
After the update, consent will be consistent across all of our resources, including the website, app, and help portal.
We would be grateful if you check the box again β
To improve usability and functionality of the site, as well as in connection with new requirements from Google, we are changing the mechanism for obtaining cookie consent.
After the update, consent will be consistent across all of our resources, including the website, app, and help portal.
We would be grateful if you check the box again β
πΎ5π€1