Neglected Default Password, a Security Flaw

A default password, a preconfigured password for a device or software, can be easily found on the internet and in instruction manuals; thus, it must be changed during the initial setup. If the default password is not changed, it can create a significant security vulnerability, as anyone who knows the default password can easily gain access to [...]

By |2023-05-24T16:28:21+09:00June 23rd, 2022|Tags: , , , |1 Comment

Search for Corporate IP Addresses Using AS_Name Filter on Asset Search

Most domains and IP addresses on the internet have WHOIS information, which includes details of the internet asset owners, such as their domain name, IP address, and AS (Autonomous System) number. This WHOIS information helps users estimate where the cyberattack was initiated and has been widely used in digital forensics.  Criminal IP provides the "as_name" filter that enables users [...]

By |2023-05-24T16:12:43+09:00June 17th, 2022|Tags: , , , |0 Comments

Search for Defaced Websites Using Title Filter in Asset Search

Website defacement is a cyberattack in which a hacker gains unauthorized access to a website and alters its visual appearance, often leaving behind evidence indicating that the website has been attacked. This attack would feel like nothing if the screen is the only one that is changed. In reality, however, this implies that the hacker gains [...]

Search for Exposed Remote Management Systems With SSL Certificates

One of the available filters of Asset Search provided by Criminal IP is ssl_issuer_organization. This filter allows you to determine which institution's certificate was used to sign an SSL protocol, such as HTTPS. For instance, if we examine the SSL certificate of criminalip.io, we can see that it is "Verified by" Sectigo Limited (formerly known as Comodo CA), which indicates that a [...]

By |2023-05-12T09:28:56+09:00May 25th, 2022|Tags: , , , |0 Comments

Criminal IP Analysis Report: Recent Discovery of Hidden Malicious Code Sites on Chinese HFS HTTP File Servers

With the growing need for efficient file handling and backup storage, Network Attached Storage (NAS) has emerged as a widely adopted solution. However, this increased usage has also brought attention to significant security issues surrounding NAS, particularly concerning popular products like QNAP and Synology. Besides the vulnerabilities identified with CVE ID, NAS systems also face [...]

Find Your Company IP

With the acceleration of digital transformation and the growing number of companies extending their businesses to the cloud, many unmonitored external attack surfaces (VPNs, RDPs, SMBs, certificates, mobile devices, etc.) are giving rise to frequent attacks by threat actors. To effectively protect against external attacks, it is essential to precisely identify all IT assets and [...]

By |2023-05-25T10:43:37+09:00March 10th, 2022|Tags: , , , |1 Comment

Detecting Vulnerabilities With Asset Search

Developer organizations heavily depend on various tools to support communication, collaboration, and productivity. As a result, there is a growing trend among many companies to embrace application packaging tools like Docker and Kubernetes. Both companies and developers increasingly prefer Docker containers because they can package applications, configurations, and libraries and distribute them in a unified [...]

Go to Top