The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

• Receive actionable alerts about changes to your attack surface with Saved Query Automation. 
  • Saved Query Automation enables you to send an alert to your integrations when an asset is added to or removed from a saved query. For example, you can configure ASM to send alerts when new risks are detected on assets or tags are newly added to assets. 
  • This initial release features support for email alert delivery. Support for webhooks, Microsoft Teams, Slack, and Webex is forthcoming. 
  • Learn more in this short lesson in the Censys Academy.
  • Saved Query Automation is available to Censys ASM Advanced and Enterprise customers.
• Web entities that are sourced from Cloud Connectors will now be updated multiple times per day. Previously these assets were updated approximately once a day.
• Implemented an update to ensure that non-public assets are not ingested from Cloud Connectors.

Rapid Response

The Censys Rapid Response team published information about and queries for the following vulnerability:

• Critical command injection vulnerability in EOL Zyxel NAS models exploited by botnet (CVE-2024-29973)
  • The following query can be leveraged to identify all Censys-visible, public-facing Zyxel NAS326 and NAS542 instances. Note that Censys do not have visibility into firmware versions.

• Censys Search query: services.software: (vendor: “Zyxel” and product: {“NAS326”, “NAS542”})
• Censys ASM query: host.services.software: (vendor: “Zyxel” and product: {“NAS326”, “NAS542″}) or web_entity.instances.software: (vendor:”Zyxel” and product:{“NAS326”, “NAS542”})

Search and ASM Fingerprints

Added the following fingerprints: