The following enhancements and improvements are now available to Censys ASM and Search customers.
Censys ASM
- Accepted risk events now appear in the Microsoft Sentinel risk table via our integration. This enables you to manage a single list of accepted risks in Microsoft Sentinel, instead of two separate lists.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:
- Unauthenticated RCE in Veeam Backup & Replication nCVE-2024-40711]
- To identify all exposed Veeam Backup & Replication servers, the following Censys queries can be used:
- Censys Search Query: services.software: (vendor: “Veeam” and product: “Backup Server”) and not labels: {tarpit, honeypot, truncated}
- Censys ASM Query: host.services.software: (vendor: “Veeam” and product: “Backup Server”) or web_entity.instances.software: (vendor: “Veeam” and product: “Backup Server”)
- To identify all exposed Veeam Backup & Replication servers, the following Censys queries can be used:
- Mirai Botnet Variant Targeting Unpatchable AVTECH CCTV Camera Command Injection Vulnerability dCVE-2024-7029]
- To identify exposed AVTECH cameras, the following Censys queries can be used:
- Censys Search Query: services.http.response.body:{`/avtech/jpg/left.jpg`, `href="/avtech/favicon.ico"`} or services.http.response.headers: (key: `Server` and value.headers: `Linux/2.x UPnP/1.0 Avtech/1.0`)
- Censys ASM Query: host.services: (software.vendor:"AVTECH" AND software.product:"IP Camera")
- To identify exposed AVTECH cameras, the following Censys queries can be used:
New Fingerprints
Added the following fingerprints:
| Type | Name | Description | Query |
| software | AVTECH IP Camera | This is an AVTECH IP camera for video surveillance. It's designed for integration into existing networks and provides real-time monitoring. | |
| software | SpiderFlow | This is a SpiderFlow Server. |