Detect Citrix Vulnerabilities With the OSINT Tool: CVE-2022-27510, CVE-2022-27518

In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs and Gateways with corresponding security vulnerabilities are [...]

By |2023-01-20T10:30:27+09:00January 20th, 2023|Tags: , |2 Comments

New OpenSSL Vulnerability : More than 14,000 Unpatched Servers

On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602. This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verification introduced in OpenSSL 3.0.0. Punycode: The algorithm used to convert Unicode strings to ASCII strings by encoding [...]

By |2023-01-26T12:03:42+09:00November 17th, 2022|Tags: , |0 Comments

Unsecured Jenkins Servers: A Gateway to Major Cybersecurity Flaws

Jenkins is an open-source software designed to create a continuous integration (CI) and continuous delivery and deployment environment for all language combinations and source code repositories. To using Jenkins automates the build, testing, and deployment  to increase software quality and development productivity. It is a web-based console that can be combined with multiple authentication [...]

Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability

How would you feel if your personal information, such as your ID and resume, were posted online? Using an internet-connected multi-function printer (MFP) to scan and email important personal information has become commonplace for individuals and enterprises. Since these files should never be leaked, people transfer their data by setting zip passwords or sending a link with [...]

Search for Defaced Websites Using Title Filter in Asset Search

Website defacement is a cyberattack in which a hacker gains unauthorized access to a website and alters its visual appearance, often leaving behind evidence indicating that the website has been attacked. This attack would feel like nothing if the screen is the only one that is changed. In reality, however, this implies that the hacker gains [...]

Find Your Company IP

With the acceleration of digital transformation and the growing number of companies extending their businesses to the cloud, many unmonitored external attack surfaces (VPNs, RDPs, SMBs, certificates, mobile devices, etc.) are giving rise to frequent attacks by threat actors. To effectively protect against external attacks, it is essential to precisely identify all IT assets and [...]

By |2023-10-31T14:06:28+09:00March 10th, 2022|Tags: , , , |1 Comment

Detecting Vulnerabilities With Asset Search

Developer organizations heavily depend on various tools to support communication, collaboration, and productivity. As a result, there is a growing trend among many companies to embrace application packaging tools like Docker and Kubernetes. Both companies and developers increasingly prefer Docker containers because they can package applications, configurations, and libraries and distribute them in a unified [...]

Criminal IP Analysis Report on Log4j Attack IP Addresses

‘Criminal IP’, a cyber threat intelligence platform of AI Spera AI Spera, a cyber threat intelligence company, has revealed detection and analysis data about 8,900 attack logs on Log4j (Log4Shell) vulnerabilities (CVE-2021-44228) through its own threat intelligence platform ‘Criminal IP’. Since domestic and foreign security industries have yet to respond perfectly to Log4j vulnerabilities, it [...]

By |2023-06-14T15:01:12+09:00January 14th, 2022|Tags: , , , |3 Comments
Go to Top