Finding exposed OWA servers vulnerable to proxyshell

A new set of critical vulnerabilities in Microsoft Exchange, exploitable via Outlook Web Access, popped up at this year’s BlackHat edition. This set of vulnerabilities has been dubbed #proxyshell (aka CVE-2021-34473). GossiTheDog has made available an Nmap script to test for this issue. We have added our own check based on his tool so our customers …

ONYPHE vs Shodan dorks – part 1

We stumbled upon an article written by ESTEBAN BORGES from SecurityTrails. This article shows how to query our main competitor Shodan with a TOP40 of best search requests. We thought it was a good start to perform some form of benchmarking by showing how you can achieve the same results, in even better and easier …

Identifying your Internet exposed Centreon monitoring software

As cybercriminals are exploiting weaknesses in Centreon monitoring software and our customers may be at risk, we thought it would be a good idea to give some details on how to detect this software’s Internet exposure using our data. Let’s dive into different options for doing so. Identifying Centreon patterns using the data field The …

1,100 Oracle Weblogic servers vulnerable to CVE-2020-14882 can be easily compromised

Back in August 2020, we alerted that many global500 or fortune500 companies could be easily compromised by exploitation of known trivial vulnerabilities. Now, we have added a new check to our vulnscan category of information about an unauthenticated remote code execution on Oracle Weblogic servers. This vulnerability is named CVE-2020-14882. Here follow our test results. …

Many global500 and fortune500 companies still vulnerable to known critical vulnerabilities

For a few months now, cyber criminals have been targeting vulnerabilities in VPN appliances from major brands to compromise affected companies and deploy ransomware. As we discussed in a previous blog post, we are checking those vulnerabilities at Internet scale to help our customers find and fix their assets before the bad guys exploit …

Coronavirus pandemic – hospitals are targets for cyber criminals

Source: https://www.youtube.com/watch?v=8GsLEmZTgFo

At ONYPHE, we are very concerned about cyber-criminals taking advantage of the current worldwide coronavirus crisis. At our scale, we want to give a hand to hospitals by giving them free information about vulnerabilities we have discovered on their Internet borders. We are willing to share this data with hospitals or any state …

Analyzing Mirai-FBot infected devices found by MalwareMustDie

Following a blog post from MalwareMustDie (MMD) and some tweets related to an increase in Mirai-FBot detections, we decided to demonstrate the power of our new Bulk Summary API using data published on pastebin. UPDATE-20200305: a new list of infected devices has been put online by MMD so we have updated the JSON file from …

Newsletter 2020#1 – APIv2, new pricing and new Web search features

Dear customers and free users, it is with great pleasure that we announce the general availability of APIv2, new pricing and new Web search features allowing better and easier navigation with just a mouse click to go deeper into the data we collect. 1. APIv2 main changes We have completely reviewed our APIs. We updated …

Open-source projects with ONYPHE integration

In this blogpost, we provide a mostly complete list of open-source projects or libraries that enable you to integrate our data directly within your daily tasks.

Libraries
Python: PyOnyphe, by @SebDraven – https://github.com/sebdraven/pyonyphe
PowerShell: Use-Onyphe, by Lucas Cueff – https://www.powershellgallery.com/packages/Use-Onyphe
Perl: Client::Onyphe, by @ONYPHE – https://github.com/onyphe/client
Ruby: onyphe-rb, by @ninoseki – https://github.com/ninoseki/onyphe-rb

Open-source projects
TheHive Project …

Find your exposed Microsoft RDP services

CVE-2019-0708 is an unauthenticated remote code execution vulnerability in the Microsoft RDP service. As the patch is out, you should apply it as quickly as possible before bad guys start to exploit it. But what if you don’t know where your servers to patch are? Most companies have a hard time locating and keeping an inventory of …