Fresh 1-day vulnerabilities in VMware Workspace ONE Access, Identity Manager and vRealize Automation (CVE-2022-31656 - CVE-2022-31659) as seen on Netlas.io. CVSSv3 - 9.8!
http.body:"VMware vRealize Automation Appliance" OR http.favicon.hash_sha256:7eef5dc4dc1055c6e3e479a8ab95efbe0a11660fa7152d1163377bca7d2b8428
Netlas (sub)domain search will be available through OWASP Amass soon.
https://github.com/OWASP/Amass/pull/818
GitHub
Added Netlas as a datasource and removed IPv4Info by shelld3v · Pull Request #818 · OWASP/Amass
In-depth Attack Surface Mapping and Asset Discovery - Added Netlas as a datasource and removed IPv4Info by shelld3v · Pull Request #818 · OWASP/Amass
We have significantly improved Netlas Domain Resolver. The latest resolve brings much better quality. More than 2 billion domains resolved.
Did you know google.com has more than 500 A-records?
https://app.netlas.io/domains/?q=domain%3Agoogle.com&page=1&indices=
Here is an interesting article by Rapid7 about CVE-2022-36804 (scored 8.8) related to Bitbucket Server:
https://attackerkb.com/topics/iJIxJ6JUow/cve-2022-36804/rapid7-analysis
And here is a good example of a Netlas.io search query using versions for this CVE:
https://app.netlas.io/responses/?q=tag.atlassian_bitbucket.version%3A%5B7.6%20TO%207.6.17%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B7.17%20TO%207.17.10%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B7.21%20TO%207.21.4%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.0%20TO%208.0.3%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.1%20TO%208.1.3%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.2%20TO%208.2.2%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.3%20TO%208.3.1%5D&page=1&indices=
AttackerKB
CVE-2022-36804 | AttackerKB
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.…
About 33% of the current scan is completed. This time we have added support for the DNS protocol (both TCP and UDP) and two more industrial protocols: Modbus and Siemens S7 communications.
https://app.netlas.io/responses/?q=protocol%3A(modbus%20OR%20s7%20OR%20dns)&page=1&indices=43
An interesting article on SecureList about the Schneider Electric controller vulnerabilities CVE-2020-28212 and CVE-2021-22779 and a flawed patch. More than 600 industrial controllers are possibly affected according to our latest scan (~2/3 completed).
Here is the link to Netlas.io search: https://app.netlas.io/responses/?page=1&q=modbus.mei_response.objects.product_code.keyword%3A%2F%28BME%20%28H%7CP%29%29%7C%28BMX%20P34%29.%2A%2F
Securelist
Schneider Electric UMAS protocol vulnerabilities
Kaspersky ICS CERT report on vulnerabilities in Schneider Electric's engineering software that enables UMAS protocol abuse.
Dear Netlas.io users!
The Alpha testing phase is close to completion. There will be a major update to Netlas.io in a few days. This update opens the Beta phase. We believe that the core features of Netlas.io are stable and ready to use. We will continue to develop the service, but now it is extremely important for us to move on to monetization. So, the upcoming update will bring a subscription system.
Read more about upcoming update: https://netlas.io/blog/tpost/xv2e7alik1-upcoming-beta-release
Netlas goes to the Beta testing phase.
We added new search tools (host summary and domain whois search), new protocols, privacy detection features and much more. But the main novelty is a subscription system.
Read more: https://netlas.io/blog/tpost/ol3n2r3b41-netlas-v0180-release-notes
Fortinet appliances are in the spotlight today!
Authentication Bypass Technical Deep Dive (CVE-2022-40684) by Horizon3.ai: https://tinyurl.com/yc82pwut
Fortinet on Netlas.io:
Dork: tag.name:(fortinet OR fortigate_vpn)
Link to search: https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&page=1&indices=
ConnectWise Recover and R1Soft Server Backup Manager RCE bug (CVE-2022-36537) disclosure: https://tinyurl.com/ydresab7
They say: “there has been no evidence of exploitation in the wild”, but it is likely a matter of hours or days.
About 5,600 instances potentially affected.
Server Backup Manager on Netlas.io:
Dork: http.body:(("zk.wcs" OR "zk.wpd") AND ("Server Backup")) OR http.favicon.hash_sha256:b7b4ce41a9cc86e1923997f5324b476686c953e87e22424e8375eddeb65e63ec
Search link: https://app.netlas.io/responses/?q=http.body%3A…
Huntress
ConnectWise/R1Soft Server Backup Manager Remote Code Execution & Supply Chain Risks | Huntress
Huntress has validated an initial report for an authentication bypass and sensitive file leak present in the Java framework “ZK”, used within the ConnectWise R1Soft software Server Backup Manager SE.
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation by Datadog Security Labs
OpenSSL 3.0.0 - 3.0.6 on Netlas.io:
Dork: tag.openssl.version:(>=3.0.0 AND <3.0.7)
Link to search: https://tinyurl.com/3d94dt6y
Ron Bowes from Rapid7 published a deep dive into CVE-2022-41622 and CVE-2022-41800:
https://tinyurl.com/ysfczh9e
F5 BIG-IP & BIG-IQ on Netlas.io:
Dork: tag.name:(f5_bigip OR f5_big_ip) OR http.favicon.hash_sha256:a8eef57d094fcf99bae2378eb2c2fc2fb15d12f856c028cc979c04451bee84c2
Link to search: https://tinyurl.com/26zn9jdf
Rapid7
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | Rapid7 Blog
Uncover v.1.0.0 by ProjectDiscovery.io was published today. This new release brings Netlas.io support.
So happy to be on board!
https://github.com/projectdiscovery/uncover/releases/tag/v1.0.0
Right now you can purchase a Netlas.io subscription with an 80% discount for a month or even a year! In 5 days the prices will go up.
Choose your pricing plan:
https://app.netlas.io/plans/
Users of Zoho ManageEngine are being urged to patch their instances against CVE-2022-47966. This vulnerability allows an unauthenticated adversary to execute arbitrary code.
Zoho ManageEngine on Netlas.io:
Dork: tag.name:"manageengine_servicedesk"
Link to search: https://tinyurl.com/yuw2uucn
Many thanks to Intercepter NG for the great post. An interesting use case.
https://www.facebook.com/groups/1676741942723339/posts/1712949169102616/
We are pleased to give a six-month Business subscription. Join his FB group! There are a lot of pretty useful posts there.
Critical CVE-2022-27596, SQL Injection in QNAP NAS appliances, CVSSv3: 9.8
The fix is available. Security advisory: https://www.qnap.com/en/security-advisory/qsa-23-01
Check if your networks are affected on Netlas.io (just correct an IP range): https://tinyurl.com/4pb4aaz9
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QTS and QuTS hero - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
JARM Support
Are you a threat hunter? If so, we are pleased to announce that the latest scan has brought JARM support for the HTTPS protocol!
Use it in responses search: jarm:*
More about JARM fingerprinting: https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a/
Salesforce Engineering Blog
Easily Identify Malicious Servers on the Internet with JARM - Salesforce Engineering Blog
JARM is an active Transport Layer Security server fingerprinting tool that provides the ability to identify and group malicious servers.
A couple of interesting facts about Jenkins CVE-2023-27898, CVE-2023-27905:
⚠️ Jenkins releases from March 2021 to March 2023 are affected
⚠️ Even instances unreachable from the Internet could be exploited
⚠️ At least 47.5K vulnerable instances available (directly reachable)
How to search for vulnerable Jenkins instances on Netlas.io:
Dork: http.headers.x_jenkins:[2.270 TO 2.393]
Search link: https://tinyurl.com/487t5s8f
Here is the blog post by Aqua Nautilus Security Research Team about these CVEs:
https://blog.aquasec.com/jenkins-server-vulnerabilities