Outage early morning of 31 may

This morning ShadowTrackr was unreachable from the internet. The outage lasted a bit more than 2 hours, and was caused by a failing automatic payment for the domain registration. The warning emails for this unfortunately went to the wrong email address.

All is back to normal, sincere apologies for the inconvenience.

CISA vulnerability reports added

The US Cybersecurity and Infrastructure Security Agency (CISA) maintains a very useful list of actively abused vulnerabilities. That list is now available in ShadowTrackr internally as extra fields on the cves index. The specific fields are mentioned in the cves index documentation.

To save you some effort there are 3 new reports available in the report library that use this data:

CISA - Your vulnerable assets
A report with your assets that have CVEs mentioned by CISA. These are actively exploited, you want this list to be empty.

CISA - Most recent CVEs
A list of all vulnerabilities that CISA added to their list in the last month

CISA - Most exploited products
An overview of the products that where most often exploited in the last 3 months.

More vulnerabilities found

As you might notice in the software vulnerabilities and weekly reports, as of last weekend ShadowTrackr finds more vulnerabilities. The CVE database is completely renewed, and with it we have a new version matching algorithm that is better than the previous one.

The vulnerabilities are still shown in the same way as before, it's just that more are detected.

One thing that is different is that the CVE database is also available as an index in ShadowTrackr, and you can query it if you want, for instance:

index=cves product=nginx cvss_score>8

Or:

index=cves product=php version=8.2.8

The primary reason to create and index for the CVEs is to be able to us it in reports. Some additional information still needs to be added for that to be really useful, but the first steps have been taken now :-)