News & Insights

Topic: Shadowserver

Announcing the Device Identification Report

September 8, 2021
We have introduced a new report type, the Device Identification Report. This report contains a list of devices we have identified in our daily Internet scans. The assessment is made based on all our IPv4-wide Internet scan types. All scan responses are processed by a scan signature engine that classifies IPs based on predefined rules that match various response fields. The report is intended for recipients to get a better understanding of device population types on networks they are responsible for

Job Opening: System Administrator

June 24, 2021
Position is for hands on, physical system administrator in the Oakland area.

21nails: Reporting on Vulnerable SMTP/Exim Servers

May 20, 2021
We have recently started to perform a full IPv4 Internet-wide scan for accessible SMTP services and will report out possible vulnerabilities that have been observed, with a current focus on Exim (in the future non-Exim vulnerabilities may be added). We scan by performing a connection to port 25, recognizing an SMTP response and collecting the banner served. These connections look just like a normal SMTP connection, there is not any attempt to exploit the port, only to collect the banner information from that connection to the server. Our scan uncovered 317,848 distinct Exim IPs that likely contain 21nails vulnerabilities (as discovered by Qualys) based on the connected banner identification.

Announcing the New Report Delta Mode Option

April 29, 2021
A new opt-in feature in our reporting mechanism will allow for reporting only the changes of the data from day to day: the report delta mode option. In this mode, every Sunday we will continue to deliver a full set of reports on all events observed on a report recipients’s network. For the rest of the week, for every distinct report type we will report only the difference between events seen on that day relative to the Sunday report. This will continue throughout the week until the following Sunday, when everything is reset and a full report is delivered again.

Announcing the New Reports API

April 22, 2021
We are happy to announce a completely new way of accessing our reports - via a RESTful API. Every report recipient can now choose to opt in to this delivery method and receive a unique API key and unique secret.

Changes in Sinkhole and Honeypot Report Types and Formats

April 1, 2021
Over the years, Shadowserver’s report list has grown considerably from when we originally started. When some of these reports were originally set up, the requirements were different to those needed today. We have therefore decided to implement changes with some of the existing report types, especially those related to our sinkholes and honeypots, as well as remove some legacy reports. Changes will come into effect on 2021-06-01. On that day, the old reports will cease and only the new equivalents will be sent out. Until that time, starting 2021-04-05 both the old reports and new reports will function in parallel.

Shadowserver Special Report – Exchange Scanning #5

March 24, 2021
A new one-off Special Report covering efforts to identify additional vulnerable and compromised Microsoft Exchange servers and associated common web shell that are configured to use DNS based virtual hosting, rather than direct IPv4 /0 scanning for default web sites, containing data for the period 2021-03-16 to 2021-03-22.

UK Foreign, Commonwealth & Development Office funds Shadowserver surge in Africa and Indo-Pacific regions

March 18, 2021
Can you help Shadowserver sign up more countries/networks in Africa and the Info-Pacific to receive our free daily network reports and help secure the Internet? We are running a UK FCDO funded surge in Feb/March 2021, aimed at increasing outreach and expanding our honeypot sensor network in those regions. We are seeking introductions, contacts and hosting so please get in touch if you can help us achieve these goals.

Shadowserver Special Reports – Exchange Scanning #4

March 15, 2021
Another internet wide scan based one-off Special Report identifying 59218 potentially vulnerable Microsoft Exchange Servers on 2021-03-14 courtesy of Kryptoslogic, with a comparison of the degree of overlap in coverage between this data set and our previous one-off Special Report that was just released. If your mail servers appear in either report - please patch immediately.

Shadowserver Special Reports – Exchange Scanning #3

March 15, 2021
Another one-off Special Report identifying 73608 potentially vulnerable Microsoft Exchange Servers during the period 2021-03-13 and 2021-03-14, which corresponds to 63115 unique IP addresses in 211 countries. These exposed systems remain at very high risk and need patching immediately.