Neglected Default Password, a Security Flaw

Default Password, a pre-configured password for a device, can be easily found on the internet and instruction manuals, thus must be changed during the initial setup. If not, because anybody who knows the default password can login into the account, it provides an attack vector for nearly every corporate network resulting in hacking and cracking [...]

By |2022-08-12T14:46:21+09:00June 23rd, 2022|Tags: , , , |0 Comments

Search for Corporate IP Addresses Using AS_Name Filter on Asset Search

The majority of domains and IP addresses on the internet have whatsocalled  Whois information, which refers to internet asset owners information such as domain name, IP address, and AS(abbreviation for Autonomous System). This Whois information helps users estimate where the cyberattack was initiated and has been widely used in digital forensics. Criminal IP provides you [...]

By |2022-08-04T18:13:20+09:00June 17th, 2022|Tags: , , , |0 Comments

Search for Website Defacement Using Title Filter in Asset Search(title:”hacked by”)

Website Defacement (Link: Description of Website Defacement) , which refers to a cyber attack where a hacker penetrates a website and changes its visual appearance, is an act of intentionally leaving evidence that the website has been attacked. This attack would feel like nothing if the screen is the only one that is changed. [...]

Search for Remote Management Systems Exposed to Attack Surface Using SSL Certificate Search Feature (ssl_issuer_organization)

Among the filters of Asset Search provided by Criminal IP (hereinafter referred to as CIP) is ssl_issuer_organization. Using this filter, you can check which institution’s certificate was signed by an SSL protocol such as https. When we look at the SSL certificate of below, for example, “Verified by” is noted as “Sectigo Limited(formerly [...]

By |2022-08-04T18:14:33+09:00May 25th, 2022|Tags: , , , |0 Comments

Criminal IP Analysis Report on Recent Hidden Malicious Code Sites on a Chinese HFS HTTP File Servers

NAS has become an increasingly common way to handle files and backup storage. As usage increases, NAS security issues, particularly with QNAP and Synology products, are frequently spotted. In addition to its vulnerabilities with CVE ID, critical NAS data is exposed to the internet defenselessly, making it easy to be leaked by simple attacks that [...]

Find Your Company IP

With the acceleration of digital transformation and the growing number of companies extending their businesses to the cloud, many unmonitored external attack surfaces (VPNs, RDPs, SMBs, certificates, mobile devices, etc.) are giving rise to frequent attacks by threat actors. To successfully protect external attack surface, IT assets must be identified with pinpoint precision and real-time [...]

By |2022-08-04T16:27:46+09:00March 10th, 2022|Tags: , , , |1 Comment

Detection of Vulnerability Through Asset Search

Developer organizations heavily rely on numerous tools to facilitate communication, collaboration, and productivity, and more and more companies are markedly turning to application packaging tools such as Docker and Kubernetes. Because Docker containers allow you to visualize applications, configurations, libraries , distribute them, and install in one go without the need to work on private [...]

Go to Top