External Attack Surface Management with Sn1per Enterprise

External Attack Surface Management with Sn1per

In the world of cybersecurity, it’s important to constantly be on the lookout for new threats. One way to do this is by keeping an eye on your organization’s external attack surface. Your external attack surface is the sum total of all the ways a hacker could potentially gain access to your systems—and it’s always changing. That’s why external attack surface management is so important. By monitoring your external attack surface and making sure it’s as secure as possible, you can help protect your organization from a wide range of cyber threats.

(more…)

Sn1per SE v10.2 Update

Sn1per Scan Engine v10.2 Released!

Sn1per SE (Scan Engine) v10.2 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v10.0 license to download and receive updates.

(more…)

Sn1per-CVE-2022-26134-detection1

Confluence RCE via OGNL template injection (CVE-2022-26134)

A critical vulnerability affecting the Atlassian Confluence was disclosed and designated CVE-2022-26134 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional and Sn1per Enterprise.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

Sn1per-CVE-2022-1388-Scanner1

BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional

A critical vulnerability affecting the F5 BIG-IP devices was disclosed and designated CVE-2022-1388 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

Sn1per Professional v10.1 SE Update Released!

Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch which is exclusively available only to Sn1per Professional v10.0 customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v10.0 license to download and receive scan engine updates.

(more…)