Detect Citrix Vulnerabilities With the OSINT Tool: CVE-2022-27510, CVE-2022-27518

In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs and Gateways with corresponding security vulnerabilities are [...]

By |2023-01-20T10:30:27+09:00January 20th, 2023|Tags: , |0 Comments

New OpenSSL Vulnerability : More than 14,000 Unpatched Servers

On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602. This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verification introduced in OpenSSL 3.0.0. Punycode: The algorithm used to convert Unicode strings to ASCII strings by encoding [...]

By |2023-01-26T12:03:42+09:00November 17th, 2022|Tags: , |0 Comments

One Vulnerable Jenkins Server, That’s All They Need

Jenkins is an open-source software designed to create a continuous integration (CI) and continuous delivery and deployment environment for all language combinations and source code repositories. To using Jenkins automates the build, testing, and deployment  to increase software quality and development productivity. It is a web-based console that can be combined with multiple authentication [...]

Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability

How would you feel if your personal information like ID and resume were on the internet? Today, using an internet-connected multi-function printer (hereinafter referred to as MFP) to scan different types of important personal information and send them by email has become a norm for both individuals and enterprises. Since these files should never be [...]

Search for Website Defacement Using Title Filter in Asset Search(title:”hacked by”)

Website Defacement (Link: Description of Website Defacement) , which refers to a cyber attack where a hacker penetrates a website and changes its visual appearance, is an act of intentionally leaving evidence that the website has been attacked. This attack would feel like nothing if the screen is the only one that is changed. [...]

Find Your Company IP

With the acceleration of digital transformation and the growing number of companies extending their businesses to the cloud, many unmonitored external attack surfaces (VPNs, RDPs, SMBs, certificates, mobile devices, etc.) are giving rise to frequent attacks by threat actors. To successfully protect external attack surface, IT assets must be identified with pinpoint precision and real-time [...]

By |2022-08-04T16:27:46+09:00March 10th, 2022|Tags: , , , |1 Comment

Detection of Vulnerability Through Asset Search

Developer organizations heavily rely on numerous tools to facilitate communication, collaboration, and productivity, and more and more companies are markedly turning to application packaging tools such as Docker and Kubernetes. Because Docker containers allow you to visualize applications, configurations, libraries , distribute them, and install in one go without the need to work on private [...]

Criminal IP Compilation: The Analysis Report of Over 8,900 Log4j Attack IP Addresses

‘Criminal IP’, a cyber threat intelligence platform of AI Spera   AI Spera, a cyber threat intelligence company, has revealed detection and analysis data about 8,900 attack logs on Log4j (Log4Shell) vulnerabilities (CVE-2021-44228) through its own threat intelligence platform ‘Criminal IP’. Since domestic and foreign security industries have yet to perfectly respond to Log4j vulnerabilities, [...]

By |2022-08-04T16:20:00+09:00January 14th, 2022|Tags: , , , |2 Comments
Go to Top