Censys Attack Surface Management Platform Release Notes March 2022 - April 2024
This page features release notes for the Censys Attack Surface Management (ASM) platform from March 17, 2022 through April 2024. For more recent releases, reference this article.
April 2024
Attack Surface Management
Full risk and asset data in Splunk Cloud and Splunk Enterprise
You can now gain access to key risk event and logbook event data in Splunk Cloud and Enterprise. This data is also supported for both hosts and web entities. You don’t need custom scripts or workarounds to use risk and logbook event data in your SIEM.
Adjustable and Reorderable Table Columns
Reorder your Inventory table columns to see the columns you care about. Adjust column widths in the Inventory table columns to better see the values you care about. Learn more here.
Certificate Risks for Hosts and Web Entities
You are now informed if any hosts or web entities are presenting certificates that are expired, revoked, without a trusted path, or wildcards. You can identify and respond to certificate risks more quickly because you are immediately notified if a host or web entity is presenting a risky certificate.
4 hour cloud host asset updates
Hosts from cloud connectors are now updated from our global scan data every 4 hours, more accurately capturing changes we observe from the cloud connectors. This is an improvement over the previous once-a-day updates. Learn more here.
Internet Map
TLS Version Enumeration
You can view all supported TLS versions instead of just the selected version.
JA4+
Added JA4S and JA4X fingerprints for TLS sessions to enable interoperation with other security products. More will be added in future releases.
March 2024
Track the Rescan API Status
This release lets you check the status of a rescan (queued, in-progress, successful, failed) within the Rescan Service API. This gives you better visibility and predictability when rescanning assets for risks.
Searchable Host WHOIS Information
This release adds WHOIS information to the host asset schemas in ASM, allowing you to search across, build aggregations for, and leverage WHOIS information in inventory and inventory APIs.
December 2023 through Feb 2024
Automated Rapid Response - Phase 1
With this release, customers can take advantage of an automated mechanism for sending out rapid response emails. This mechanism is faster than the current manual email delivery, reducing the time between the rapid response risk being published and remediated by the customer. When a new rapid response risk is added, each workspace is checked to see if the risk is present or not. Users can customize what type of rapid response email they receive to avoid alert fatigue.
Guaranteed Deletion of Customer Integration Data after a Censys Workspace is removed
When a customer wants to delete a workspace, we ensure that none of their integration user data is preserved after the fact. When their workspace is deleted, their Workato instances and cloud connectors are scheduled for deletion in 30 days. After the 30 days, these components are deleted forever, removing any final data dependency.
Jira Integration
This release allows users to configure the Jira integration in the integration marketplace. After it is configured, users can manually create Jira tickets for assets and their risks. As part of Jira ticket creation, users can define the correct project, issue type, reporter, and assignee for the ticket. They can also customize the summary and description of the ticket.
Attack Surface Overview report template
This release lets customers select, view, and export an Attack Surface Overview Report on the reporting page. The Attack Surface Overview Report gives users a way to export the information shown on the Attack Surface Overview Dashboard. The report gives users a point-in-time view of their attack surface, displaying asset counts, assets by environment, top risks, top countries, and discovery source breakdowns.
Add saved query functionality to API
The Saved Query API allows users to view, create, edit, and delete saved queries via a new RESTful API endpoint. Saved Queries can be used in Inventory APIs to query for assets or to build aggregations. Users can access the endpoints from the API directly or through our supported SDKs.
Trends & Exposure Overview Report templates
This release adds the Trends Report and the Exposure Overview report to the list of available templates on the reporting page.
Integrations Marketplace Release
This release launches the Integrations Marketplace for all Attack Surface Management customers. It includes changes such as removing internal-only cards, like the Censys connectors, and ensuring that customers understand how to set up an integration.
November 9, 2023
- Updated the CLI tool in the ASM Python SDK with new commands:
  - List seeds command
  - Replace labeled seeds command
  - Delete labeled seed command
  - Delete all seeds command
  - Delete seeds command
November 2, 2023
- Updated Censys-Found Seeds flow to display changes since a previous run instead of displaying all found seeds.
  - Users have a chance to review changes before they are applied to the workspace.
  - Enterprise customers have the ability to automate seed finding. If enabled, Censys will search for seeds every day and notify users via email of changes requiring review.
October 3, 2023
- Added a new Trends and Benchmark dashboard
  The new dashboard provides high-level metrics about attack surface size, risk counts, and average length of exposure for risks, with drill-down capabilities to understand why the metric is what it is currently and how it has changed over time. Learn more
September 29, 2023
- Fixed a bug where Azure storage buckets were incorrectly showing up as discoverable in Inventory.
September 26, 2023
- Release Unified Cloud Connector v3.2.0
  See what’s new.
September 21, 2023
- Added new API endpoints for subdomains that do not require a top-level domain in the path.
September 14, 2023
- Added a new integration health check page to provide more transparency into processes and failures related to Censys Attack Surface Management integrations with downstream security applications.
- Added cloud account ID to detail pages. When applicable, this information is now found in the Overview panel.
- Added items to the Inventory navigation menu to go to asset-specific tabs on the Inventory page.
- Added aggregateField as a parameter to the Inventory URL when the aggregation UI is open to enable linking to aggregations.
August 31, 2023
- Removed deprecated asset list pages.
- Changed the default sort of domains on the Inventory page to web entity count, in descending order.
August 18, 2023
- Added a column called Account ID to display project/account information for assets ingested from cloud connectors.
July 20, 2023
- Updated dashboard with more accurate counts, better risk analysis and summary information at a glance, and improved links to inventory search results to jump-start investigations.
- Added aggregation interface to the inventory experience. Aggregations are used to show breakdowns of values for any field in the inventory schemas.
May 31, 2023
- Added one new risk for Exposed HP iLO Device
  The HP Integrated Lights-Out (iLO) device is designed as an embedded server management system with administrative rights over remote systems, a capability that makes it a target.
May 10, 2023
- Unified Cloud Connectors v3.1.2 - Patch Release
  This release includes improvements to address:
  - Addition of timestamps to loglines
  - Retries for 429 rate limit errors
  - Improved handling of 500 errors
- Added New Inventory Columns:
  - Universal
    - Risk Type - The name(s) of risks detected on assets.
  - Hosts
    - AS Name - A short description of the autonomous system.
  - Certificates
    - Wildcard Cert - A boolean indicating whether a certificate’s names sections contain a wildcard name (e.g., *.example.com)
    - Key Strength - A measure of the number of bits in the key used to encrypt data during a TLS session.
  - Web Entities
    - Service Names - A de-duplicated list of all service names observed on the instances of the web entity.
- Fixed a bug where seed label & Account ID from Azure and GCP Cloud Connectors were not displaying.
- Fixed a bug where asset tabs on the Inventory page were in the wrong order.
May 4, 2023
- Added ability to export ALL results in inventory for Advanced and Enterprise Customers
  Previously, users could only export the top 1000 results. This is available to customers in all tiers except Core Tier.
- Added the ability to suppress subdomains of names from the inventory.
  Asset exclusion does not specifically prevent subdomains of a name on the list from entering customer attack surfaces if they are discovered in paths that do not include the excluded name. The new list allows the additional option to suppress subdomains of a name and can be used in conjunction with or separate from the asset exclusion list for maximum control over asset discovery.
- Fixed a bug in user comments on Storage Bucket pages
  The name of the user who submitted a comment on the storage buckets page is once again displayed.
May 3, 2023
- Added one new risk for CVE-2023-27350 and CVE-2023-27351: Exposed PaperCut Print Management Server
  These two vulnerabilities are being actively exploited in certain versions of PaperCut software.
April 17, 2023
- Made Account ID a default column on the Storage Buckets tab of the Inventory page.
- Added the cloud account information to assets listed in Discovery Paths.
April 13, 2023
- Added coverage for two new risks:
  - CVE-2023-21554 — Microsoft Message Queuing (MSMQ) Service
    A remotely-exploitable vulnerability in the obscure Windows Message Queuing (MSMQ) service that can lead to remote code execution (RCE).
  - Unauthenticated Jaeger UI Dashboard Application
    A Jaeger UI Dashboard application is used to trace information related to transactions between distributed services and does not require authentication.
March 31, 2023
- Improved ability to detect over 70 new kinds of software, including GoAnywhere MFT, which had a critical zero-day vulnerability, covered by our Rapid Response Blog in February of 2023.
March 23, 2023
- Added coverage for one new risk: Exposed browserless.io Instance, which contains information about host systems.
March 7, 2023
- Added coverage for CVE-2022-47986 — IBM Aspera Faspex RCE Vulnerability
  A pre-authentication vulnerability in the Aspera Faspex file transfer solution can be leveraged to inject code resulting in remote code execution (RCE). This vulnerability is known to be exploited in the wild.
February 21, 2023
- Added coverage for two new risks:
  - CVE-2023-0669 GoAnywhere MFT Admin Console RCE Vulnerability
    This vulnerability allows pre-auth RCE in GoAnywhere Managed File Transfer software that can lead to sensitive data exposure. This vulnerability is known to be exploited in the wild.
  - Exposed Service Location Protocol (SLP) Service Detection
    Services using the Service Location Protocol, which enables service discovery on a local network, are now detected.
February 9, 2023
- Additional risk context added to 59 existing risks.
  The risks now highlight exposed credentials and tokens to improve time to remediation in the case of Information Leakage. The “View Scan Results” button now highlights the matched value, providing relevant insight into why the risk triggered, and reducing the time to validate the risk.
January 26, 2023
- Released six new risks to cover CVE-2022-47966 - RCE in Numerous ManageEngine Products.
  This vulnerability affects twenty-four different ManageEngine products and can result in pre-authentication remote code execution (RCE) on the server running the software if SAML authentication has ever been enabled. It results from the products' use, for SAML authentication, of a version of the open-source project “Apache Santuario” that is ten years out of date. This vulnerability is known to be exploited in the wild.
January 24, 2023
- Released a new risk for CVE-2023-20025 - Vulnerable Cisco Router
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
- Released a new risk for Exposed CentOS WebPanel
  Several vulnerabilities, including remote code execution, exist for this service.
January 4, 2023
- Released one new risk for CVE-2022-40684 - Vulnerable Fortinet FortiOS
  Exploitation of this vulnerability involves authentication bypass and a subsequent ability to issue commands as an administrative user (CVSSv3 9.8 out of 10).
December 9, 2022
- Released two new risks for CVE-2022-46169 and Cacti service exposure.
  Cacti is a network graphing solution which may contain sensitive information such as internal network configurations.
  CVE-2022-46169 is a command injection vulnerability that allows an unauthenticated user to execute arbitrary code on a server running Cacti if a specific data source was selected for any monitored device.
December 1, 2022
- Released a new risk for CVE-2021-35587, which allows for pre-auth remote code execution in Oracle Fusion Middleware for full takeover of Oracle Access Manager.
  CISA recently added CVE-2021-35587 and CVE-2022-4135 to its Known Exploited Vulnerabilities catalog. Learn more on our blog.
November 22, 2022
- Released a new risk for Vulnerable Bitbucket Server [CVE-2022-43781], a command injection vulnerability. Check your attack surface for this vulnerability here.
November 21, 2022
- Released four new risks that add coverage for 44 new vulnerabilities (CVEs) related to Pulse Connect Secure.
November 16, 2022
- Added support for AWS to the Unified Cloud Connectors. Customers can now manage their AWS, Azure and Google Cloud Provider connectors in a unified deployment. Access them on GitHub.
- Integrated risk events into the Censys Attack Surface Management App and Add-on for Splunk, in addition to logbook events.
November 1, 2022
- Added a new risk for the Vulnerable OpenSSL Version 3.x [CVE-2022-3602] Zero-Day announced on Tuesday Oct. 25. Today, OpenSSL released more information, including downgrading the severity to high, and a patch for impacted systems.
  We’ve also created an Interactive Dashboard tracking vulnerable OpenSSL servers to enable the security community at large.
October 20, 2022
- Improved discovery trails provide an association reason and metadata for each asset in your inventory to speed up the process of verifying ownership.
October 04, 2022
- Added a new risk for the Microsoft Exchange Zero-Day identified on Sept. 30, 2022.
  There is also an Interactive Dashboard tracking the vulnerable Exchange servers to enable the security community at large.
September 29, 2022
- Improved Risks Type Management page delivers the highly requested ability to export risk types to ensure organizational compliance, as well as improved filtering and search capabilities to customize organizational risk tolerance.
September 12, 2022
- Added new risks to catch common C2 frameworks advertised as penetration testing tools:
  - Cobalt Strike
  - Sliver
  - Covenant
  - Mythic
  - PoshC2
  View the new risk types on the risk configuration page.
August 25, 2022
- Added 40+ new detections to add coverage for ICS (Industrial Control Systems), medical devices, and additional security tools.
August 18, 2022
- Improved usability on Risk Prioritization page to include:
  - Respect filters and custom columns when downloading to CSV.
  - Added customizable columns on the table view in Risk Prioritization to empower more triage workflows.
- Website associated with a risk is now displayed on the Risk details page as well as in the click to expand on the prioritization page.
August 1, 2022
New Inventory Page
Finding the problems that will get you breached is faster and more efficient than ever with one single page for all your assets that can be searched with pinpoint precision.
Read the docs.
July 29, 2022
The Censys Python SDK 2.7.1 released with support for the following:
- Added Subdomain Enumeration CLI using the Censys Search API
- Updated Censys Search CLI options
- Updated Censys Attack Surface Management Add Seeds CLI to support Nmap XML input files
- Added support for Censys Attack Surface Management v2 Risks API
Learn more here.
July 4, 2022
Improved Cloud Connector Capability in GCP & Azure
- Added Docker deployment method to reduce the level of effort to scan cloud assets.
- Enabled serverless deployment of GCP.
- Added Kubernetes support.
June 30, 2022
Risk Triage and Prioritization Improvements
- Triage and Prioritize Internet Risks better.
- Review and Accept Individual risk instances.
- Complete actions in bulk such as changing the severity.
June 2, 2022
Automated Onboarding and Seed Finding
- Censys Attack Surface Management can now find key data used to generate the attack surface.
  Easily review subsidiaries, registrant organization information, and registrant email information before kicking off the generation of attack surface discovery. Learn more in this guide.
  Manual data input/upload remains unchanged.
March 31, 2022
- Historical events have been added back to the details pane on the Configure Risks page to display the most recent changes and who made them.
- Risk types that identify token exposures have been improved to reduce false-positive detections.
March 28, 2022
- The new Censys logo is now present in the Attack Surface Management platform.
March 21, 2022
- Workspaces are now listed alphabetically in the drop down navigation.
March 17, 2022
Risk Improvements
Censys Attack Surface Management risk identification enables practitioners to proactively defend and secure their organizations from adversaries. This release makes the following improvements:
- Adds 100+ new risk types into the platform to expand coverage and facilitate better risk-based prioritization. See the configure risks page to learn more about each risk type.
- Increases Censys' responsiveness to the rapidly evolving threat landscape with the ability to add emerging risk types on a weekly basis.
- Enables practitioners to tailor risks to match their organization’s environment and business needs through configurable risk severities at both the individual instance level and the workspace level.
- Enhances the risk remediation workflow by adding an option to accept an individual risk instance.
- Improves usability with changes such as navigating from an Inventory list page to the Risk details tab in a single click.
- Updates recommended severities for 26 risk types
  In response to customer feedback, the recommended severity for every risk type in our platform was reevaluated by our risk and vulnerability team, resulting in new recommended severities for 26 risk types. Severity was assessed on three factors: impact, exploitability, and likelihood.
  Customers wishing to change their workspace’s default severity for the types listed below to the new Censys-recommended severity can do so on the risk configuration page.
The recommended severities for the following risk types have been raised:
- Exposed RDP Service severity increased from Medium → High
- Exposed SSH Service severity increased from Low → Medium
- Unencrypted CWMP Service severity increased from Low → Medium
- Unencrypted IMAP Service severity increased from Low → Medium
- Unencrypted POP3 Service severity increased from Low → Medium
- Vulnerable Confluence Server [CVE-2021-26084] severity increased from High → Critical
- Vulnerable Log4j Apache Solr Service [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Generic [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Metabase [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j Neo4j [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j PagerDuty Rundeck [CVE-2021-44228] severity increased from High → Critical
- Vulnerable Log4j UniFi Network Appliance [CVE-2021-44228] severity increased from High → Critical
The recommended severities for the following risk types have been downgraded:
- Exposed AMQP Service severity decreased from High → Low
- Exposed pcAnywhere Service severity decreased from High → Medium
- EOL Apache HTTPD Software severity decreased from High → Low
- EOL Apache Traffic Server Software severity decreased from High → Medium
- EOL Eclipse Jetty Software severity decreased from High → Medium
- EOL Nginx Software severity decreased from High → Medium
- EOL OpenSSL Software severity decreased from High → Medium
- EOL PHP Software severity decreased from High → Medium
- IPP Service Exposed severity decreased from High → Low
- Outdated TLS Version severity decreased from Medium → Low
- Exposed SNMP Service severity decreased from High → Medium
- Vulnerable CentOS WebPanel [CVE-2021-45467] severity decreased from High → Medium
- Weak Auth Page severity decreased from High → Medium
- Weak TLS Cipher severity decreased from Medium → Low
Read More About Risks
Learn how to assess risk in the Attack Surface Management platform.
See a list of the risk types that the Attack Surface Management platform identifies.