Have you seen the Shadowserver Dashboard? Did you know it provides critical information on what people outside your network can see into your network? Did you know that the Dashboard and free reports can save your network? All you need to do is track down the exposure and fix it (before the criminals use it to break into your network). Shadowserver provides one of the most critical tools to protect your network. Organizations that do not leverage this free “Cyber-Civil Defense” resource are missing out on critical security information about their network that is provided as a free public benefit.
Shadowserver’s Dashboard is one of those free public-benefit tools. The Dashboard provides a map of vulnerabilities, risks, and unpatched systems with a global view. Shadowserver is expanding the language options of their Dashboard. Indonesian, Malay, Filipino, Thai, and Arabic will be offered.
While the translations are done by professional translators, the Shadowserver team asks for help. The team seeks network/security professionals to help provide validation and context. If you are interested, please email email@example.com.
How Does the Shadowserver Dashboard Help You?
New vulnerabilities, attacks, and other risks are announced every day. Shadowserver’s suite of services is combined to provide each organization with their Daily Network Reporting and the update to Shadowserver’s Dashboard. With the dashboard, you can explore active risk and attack vectors. Here are several examples:
Example 1 – We have a Service Location Protocol (SLP) DDoS amplification risk. Is this a risk to your network? Use the Shadowserver Dashboard to see how many potential SLP reflectors are online and consider the DDoS risk. (Report on SLP potential DDoS Risk)
Example 2 – Shadowserver sees over 7100 Cisco routers vulnerable to compromise through CVE-2017-6742. While old, this vulnerability is actively exploited by APT28 to deploy malware, as detailed in the UK NCSC’s Jaguar Tooth malware analysis report: https://ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf…
Example 3 – Check Point reported on a critical unauthorized remote code execution vulnerability in Microsoft Message Queuing (MSMQ services), CVE-2023-21554, which they named QueueJumper. Shadowserver immediately scanned for exposed Microsoft Message Queuing (MSMQ) services on IPv4/IPv6, and over 403K were found on 2023-04-12. Note that these are not necessarily vulnerable to QueueJumper; nevertheless, they should not be accessible from the public Internet in the first place.
Make sure to filter traffic to port 1801/TCP & apply the MS patch (see:
Try Shadowserver’s Dashboard. It is an easy way to illustrate the potential risk. For example, Hong Kong and South Korean companies should be on alert when Check Point announces QueueJumper. Shadowserver’s bonus would be the Daily Network Reporting. These reports are updated daily via email and APIs. The reports would detail the devices on your network that are open to the MSMQ vulnerability.
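One way to triage a daily exposure report against your own address space, as an added example that is not Shadowserver's or Senki's code. The CSV column names, the sample rows and the `triage` function are assumptions constructed for illustration; 427/UDP is the standard SLP port.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample in the style of a daily exposure report. The column
# names (timestamp, ip, protocol, port, tag) are assumptions for this example.
SAMPLE_REPORT = """\
timestamp,ip,protocol,port,tag
2023-04-12 02:10:11,192.0.2.10,tcp,1801,msmq
2023-04-12 02:10:15,192.0.2.77,udp,427,slp
2023-04-12 02:11:02,198.51.100.5,tcp,1801,msmq
2023-04-12 02:11:40,192.0.2.10,tcp,1801,msmq
2023-04-12 02:12:03,203.0.113.9,tcp,1801,msmq
"""

# Exposures discussed in the post, keyed by (protocol, port), with the follow-up.
ACTIONS = {
    ("tcp", 1801): "MSMQ exposed: filter 1801/TCP and apply the Microsoft patch",
    ("udp", 427): "SLP exposed: potential DDoS amplification reflector",
}

def triage(report_text, owned_prefixes):
    """Return {action: sorted unique IPs} for report rows inside owned_prefixes."""
    nets = [ipaddress.ip_network(p) for p in owned_prefixes]
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(report_text)):
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
            key = (row["protocol"].strip().lower(), int(row["port"]))
        except (KeyError, ValueError, AttributeError, TypeError):
            continue  # skip malformed or short rows instead of aborting the run
        # Keep only known exposures on addresses we are responsible for.
        if key in ACTIONS and any(addr in net for net in nets):
            findings[ACTIONS[key]].add(addr)  # set removes repeated sightings
    order = lambda ip: (ip.version, int(ip))  # IPv4 before IPv6, then numeric
    return {a: [str(ip) for ip in sorted(ips, key=order)]
            for a, ips in findings.items()}

if __name__ == "__main__":
    owned = ["192.0.2.0/24", "198.51.100.0/24"]  # constructed example prefixes
    for action, ips in triage(SAMPLE_REPORT, owned).items():
        print(action)
        for ip in ips:
            print("   " + ip)
```

Rows outside the listed prefixes (203.0.113.9 in the sample) are ignored, so the output is a per-exposure list of your own hosts to filter and patch.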
Are you looking for more practical, public-service Security Advice?
- Subscribe to the Senki Community Mailing List. Stay connected to Surfing Cybersecurity practical advice and critical “do this now” operation security recommendations by email.
- Subscribe to Senki’s YOUTUBE Channel for videos on this and other security topics.
- Ask questions to Barry Greene – firstname.lastname@example.org
The materials and guides posted here on www.senki.org are designed to help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit and Meaningful Security Conversations with your Vendors. Each is no-nonsense security for all Operators. It provides details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights.