Censys ASM Platform Release Notes
This reverse chronologically ordered list of release notes is designed to help our customers understand changes made to improve their experience using the Censys ASM platform and leveraging the insight in their security operations.
September 26, 2023
- Released Unified Cloud Connector v3.2.0
  See what’s new.
September 14, 2023
- Added a new integration health check page to provide more transparency into processes and failures related to Censys ASM integrations with downstream security applications.
- Added cloud account ID to detail pages. When applicable, this information is now found in the Overview panel.
- Added items to the Inventory navigation menu to go to asset-specific tabs on the Inventory page.
- Added aggregateField as a parameter to the Inventory URL when the aggregation UI is open to enable linking to aggregations.
August 31, 2023
- Removed deprecated asset list pages.
- Changed the default sort of domains on the Inventory page to web entity count, in descending order.
August 18, 2023
- Added a column called Account ID to display project/account information for assets ingested from cloud connectors.
July 20, 2023
- Updated dashboard with more accurate counts, better risk analysis and summary information at a glance, and improved links to inventory search results to jump-start investigations.
- Added aggregation interface to the inventory experience. Aggregations are used to show breakdowns of values for any field in the inventory schemas.
May 31, 2023
- Added one new risk for Exposed HP iLO Device
  The HP Integrated Lights-Out (iLO) device is designed as an embedded server management system with administrative rights over remote systems, a capability that makes it a target.
May 10, 2023
- Unified Cloud Connectors v3.1.2 - Patch Release
  This release includes improvements to address:
  - Addition of timestamps to log lines
  - Retries for 429 rate limit errors
  - Improved handling of 500 errors
- Added New Inventory Columns:
  - Universal
    - Risk Type - The name(s) of risks detected on assets.
  - Hosts
    - AS Name - A short description of the autonomous system.
  - Certificates
    - Wildcard Cert - A boolean indicating whether a certificate’s names sections contain a wildcard name (e.g., *.example.com)
    - Key Strength - A measure of the number of bits in the key used to encrypt data during a TLS session.
  - Web Entities
    - Service Names - A de-duplicated list of all service names observed on the instances of the web entity.
- Fixed a bug where seed label & Account ID from Azure and GCP Cloud Connectors were not displaying.
- Fixed a bug where asset tabs on the Inventory page were in the wrong order.
May 4, 2023
- Added ability to export ALL results in inventory for Advanced and Enterprise Customers
  Previously, users could only export the top 1000 results. This is available to customers in all tiers except Core Tier.
- Added the ability to suppress subdomains of names from the inventory.
  Asset exclusion does not specifically prevent subdomains of a name on the list from entering customer attack surfaces if they are discovered in paths that do not include the excluded name. The new list allows the additional option to suppress subdomains of a name and can be used in conjunction with or separate from the asset exclusion list for maximum control over asset discovery.
- Fixed a bug in user comments on Storage Bucket pages
  The name of the user who submitted a comment on the storage buckets page is once again displayed.
May 3, 2023
- Added one new risk for CVE-2023-27350 and CVE-2023-27351: Exposed PaperCut Print Management Server
  These two vulnerabilities are being actively exploited in certain versions of PaperCut software.
April 17, 2023
- Made Account ID a default column on the Storage Buckets tab of the Inventory page.
- Added the cloud account information to assets listed in Discovery Paths.
April 13, 2023
- Added coverage for two new risks:
  - CVE-2023-21554 — Microsoft Message Queuing (MSMQ) Service
    A remotely-exploitable vulnerability in the obscure Windows Message Queuing (MSMQ) service that can lead to remote code execution (RCE).
  - Unauthenticated Jaeger UI Dashboard Application
    A Jaeger UI Dashboard application is used to trace information related to transactions between distributed services and does not require authentication.
March 31, 2023
- Improved ability to detect over 70 new kinds of software, including GoAnywhere MFT, which had a critical zero-day vulnerability, covered by our Rapid Response Blog in February of 2023.
March 23, 2023
- Added coverage for one new risk: Exposed browserless.io Instance, which contains information about host systems.
March 7, 2023
- Added coverage for CVE-2022-47986 — IBM Aspera Faspex RCE Vulnerability
  A pre-authentication vulnerability in the Aspera Faspex file transfer solution can be leveraged to inject code resulting in remote code execution (RCE). This vulnerability is known to be exploited in the wild.
February 21, 2023
- Added coverage for two new risks:
  - CVE-2023-0669 GoAnywhere MFT Admin Console RCE Vulnerability
    This vulnerability allows pre-auth RCE in GoAnywhere Managed File Transfer software that can lead to sensitive data exposure. This vulnerability is known to be exploited in the wild.
  - Exposed Service Location Protocol (SLP) Service Detection
    Services using the Service Location Protocol, which enables service discovery on a local network, are now detected.
February 9, 2023
- Additional risk context added to 59 existing risks.
  The risks now highlight exposed credentials and tokens to improve time to remediation in the case of Information Leakage. The “View Scan Results” button now highlights the matched value, providing relevant insight into why the risk triggered, and reducing the time to validate the risk.
January 26, 2023
- Released six new risks to cover CVE-2022-47966 - RCE in Numerous ManageEngine Products.
  A vulnerability affecting twenty-four different ManageEngine products that can result in pre-authentication remote code execution (RCE) on the server the software runs on if SAML authentication has ever been enabled. This results from the products using a version of the open-source project “Apache Santuario” that is ten years out of date to assist with SAML authentication. This vulnerability is known to be exploited in the wild.
January 24, 2023
- Released a new risk for CVE-2023-20025 - Vulnerable Cisco Router
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
- Released a new risk for Exposed CentOS WebPanel
  Several vulnerabilities, including remote code execution, exist for this service.
January 4, 2023
- Released one new risk for CVE-2022-40684 - Vulnerable Fortinet FortiOS
  Exploitation of this vulnerability involves authentication bypass and a subsequent ability to issue commands as an administrative user (CVSSv3 9.8 out of 10).
December 9, 2022
- Released two new risks for CVE-2022-46169 and Cacti service exposure.
  Cacti is a network graphing solution which may contain sensitive information such as internal network configurations.
  CVE-2022-46169 is a command injection vulnerability that allows an unauthenticated user to execute arbitrary code on a server running Cacti if a specific data source was selected for any monitored device.
December 1, 2022
- Released a new risk for CVE-2021-35587, which allows for pre-auth remote code execution in Oracle Fusion Middleware for full takeover of Oracle Access Manager.
  CISA recently added CVE-2021-35587 and CVE-2022-4135 to its Known Exploited Vulnerabilities catalog. Learn more on our blog.
November 22, 2022
- Released a new risk for Vulnerable Bitbucket Server [CVE-2022-43781], a command injection vulnerability. Check your attack surface for this vulnerability here.
November 21, 2022
- Released four new risks that add coverage for 44 new vulnerabilities (CVEs) related to Pulse Connect Secure.
November 16, 2022
- Added support for AWS to the Unified Cloud Connectors. Customers can now manage their AWS, Azure and Google Cloud Provider connectors in a unified deployment. Access them on GitHub.
- Integrated risk events into the Censys ASM App and Add-on for Splunk, in addition to logbook events.
November 1, 2022
- Added a new risk for the Vulnerable OpenSSL Version 3.x [CVE-2022-3602] Zero-Day announced on Tuesday Oct. 25. Today, OpenSSL released more information, including downgrading the severity to high, and a patch for impacted systems.
  We’ve also created an Interactive Dashboard tracking vulnerable OpenSSL servers to enable the security community at large.
October 20, 2022
- Improved discovery trails provide an association reason and metadata for each asset in your inventory to speed up the process of verifying ownership.
October 04, 2022
- Added a new risk for the Microsoft Exchange Zero-Day identified on Sept. 30, 2022.
  There is also an Interactive Dashboard tracking the vulnerable Exchange servers to enable the security community at large.
September 29, 2022
- Improved Risks Type Management page delivers the highly requested ability to export risk types to ensure organizational compliance, as well as improved filtering and search capabilities to customize organizational risk tolerance.
September 12, 2022
- Added new risks to catch common C2 frameworks advertised as penetration testing tools:
  - Cobalt Strike
  - Sliver
  - Covenant
  - Mythic
  - PoshC2
  View the new risk types on the risk configuration page.
August 25, 2022
- Added 40+ new detections to add coverage for ICS (Industrial Control Systems), medical devices, and additional security tools.
August 18, 2022
- Improved usability on Risk Prioritization page to include:
  - Respect filters and custom columns when downloading to CSV.
  - Added customizable columns on the table view in Risk Prioritization to empower more triage workflows.
- Website associated with a risk is now displayed on the Risk details page as well as in the click to expand on the prioritization page.
August 1, 2022
New Inventory Page
Finding the problems that will get you breached is faster and more efficient than ever with one single page for all your assets that can be searched with pinpoint precision.
Read the docs.
July 29, 2022
The Censys Python SDK 2.7.1 was released with support for the following:
- Added Subdomain Enumeration CLI using the Censys Search API
- Updated Censys Search CLI options
- Updated Censys ASM Add Seeds CLI to support Nmap XML input files
- Added support for Censys ASM v2 Risks API
Learn more here.
July 4, 2022
Improved Cloud Connector Capability in GCP & Azure
- Added Docker deployment method to reduce the level of effort to scan cloud assets.
- Enabled serverless deployment of GCP.
- Added Kubernetes support.
June 30, 2022
Risk Triage and Prioritization Improvements
- Triage and Prioritize Internet Risks better.
- Review and Accept Individual risk instances.
- Complete actions in bulk such as changing the severity.
June 2, 2022
Automated Onboarding and Seed Finding
- Censys ASM can now find key data used to generate the attack surface.
  Easily review subsidiaries, registrant organization information, and registrant email information before kicking off the generation of attack surface discovery. Learn more in this guide.
  Manual data input/upload remains unchanged.
March 31, 2022
- Historical events have been added back to the details pane on the Configure Risks page to display the most recent changes and who made them.
- Risk types that identify token exposures have been improved to reduce false-positive detections.
March 28, 2022
- The new Censys logo is now present in the Attack Surface Management platform.
March 21, 2022
- Workspaces are now listed alphabetically in the drop down navigation.
March 17, 2022
Risk Improvements
Censys ASM risk identification enables practitioners to proactively defend and secure their organizations from adversaries. This release makes the following improvements:
- Adds 100+ new risk types into the platform to expand coverage and facilitate better risk-based prioritization. See the configure risks page to learn more about each risk type.
- Increases Censys' responsiveness to the rapidly evolving threat landscape with the ability to add emerging risk types on a weekly basis.
- Enables practitioners to tailor risks to match their organization’s environment and business needs through configurable risk severities at both the individual instance level and the workspace level.
- Enhances the risk remediation workflow by adding an option to accept an individual risk instance.
- Improves usability with changes such as navigating from an Inventory list page to the Risk details tab in a single click.
- Updates recommended severities for 26 risk types.
  In response to customer feedback, the recommended severity for every risk type in our platform was reevaluated by our risk and vulnerability team, resulting in new recommended severities for 26 risk types. Severity was assessed on three factors: impact, exploitability, and likelihood.
  Customers wishing to change their workspace’s default severity for the types listed below to the new Censys-recommended severity can do so on the risk configuration page.
The recommended severities for the following risk types have been raised:
- Exposed RDP Service severity increased from Medium → High
- Exposed SSH Service severity increased from Low → Medium
- Unencrypted CWMP Service severity increased from Low → Medium
- Unencrypted IMAP Service severity increased from Low → Medium
- Unencrypted POP3 Service severity increased from Low → Medium
- Vulnerable Confluence Server [CVE-2021-26084] severity increased from High → Critical
- Vulnerable Log4j Apache Solr Service [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Generic [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Metabase [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Neo4j [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j PagerDuty Rundeck [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j UniFi Network Appliance [CVE-2021-44228] severity increased from High → Critical
The recommended severities for the following risk types have been downgraded:
- Exposed AMQP Service severity decreased from High → Low
- Exposed pcAnywhere Service severity decreased from High → Medium
- EOL Apache HTTPD Software severity decreased from High → Low
- EOL Apache Traffic Server Software severity decreased from High → Medium
- EOL Eclipse Jetty Software severity decreased from High → Medium
- EOL Nginx Software severity decreased from High → Medium
- EOL OpenSSL Software severity decreased from High → Medium
- EOL PHP Software severity decreased from High → Medium
- IPP Service Exposed severity decreased from High → Low
- Outdated TLS Version severity decreased from Medium → Low
- Exposed SNMP Service severity decreased from High → Medium
- Vulnerable CentOS WebPanel [CVE-2021-45467] severity decreased from High → Medium
- Weak Auth Page severity decreased from High → Medium
- Weak TLS Cipher severity decreased from Medium → Low
Read More About Risks
Learn how to assess risk in the ASM platform.
See a list of the risk types that the ASM platform identifies.