runZero Minutes: Our Monthly Newsletter

What's Happening at runZero

Happy summer! Our sweaty Yetis survived the heat dome. We hope you did, too.

While it may be hot outside, we've got some cool product updates. We have a new integration with the CISA KEV catalog, making it easier and faster to identify high-risk vulnerabilities. We also released an integration with Cisco Meraki, and our dashboard got an upgrade with new features you're gonna love in your daily workflows. And that's not all — scroll for more!

Zeti the Yeti and the runZero crew have been on the road. Perhaps you had a sighting at the Gartner Security and Risk Summit or at TechNet Cyber... and soon we'll be headed west for Hacker Summer Camp with a few stops in between.

Finally, our team has been busy publishing Rapid Responses, hosting episodes of runZero Hour, and appearing on podcasts — see the highlights below. 

Let the summer fun begin!

Product Updates

We love our community of runZero users! And we love your feedback. Your insights inspire us to improve and innovate, and we're excited to share some of our latest product updates. Take a read and then try them out for yourself!

Don't have runZero yet? Dive into a 21-day, fully-loaded free trial for up to 100,000 assets, with a smooth transition to our free Community Edition – no sales call required.

 
Start a Free Trial
 
 

CISA KEV, EPSS, & Queries!

Vulnerability enrichment and visibility just got better! New integrations with the CISA Known Exploited Vulnerability (KEV) catalog and the Exploit Prediction Scoring System enable you to track vulnerabilities that are known to be exploited in the wild or that are very likely to be exploited given their characteristics.

Head over to the runZero Platform and use kev:true to find assets and vulnerabilities that match the catalogs from CISA (and other KEV lists in the near future), kev:cisa to search specifically for CISA KEV items, or epss:>score to match EPSS values. Any vulnerabilities or assets identified by the KEV queries or that have an EPSS score above 0.9 should be considered a high priority for further investigation.

For bonus points, these updates also included major performance enhancements for “cve” keyword queries of asset inventories. Go check it out and let us know what you think!




Cisco Meraki Cloud Integration & Topology

runZero now integrates with Cisco Meraki Cloud. This addition imports your devices, clients, and topology into the runZero user interface. The runZero Switch Topology report now overlays Meraki cloud data with SNMP scan data, giving you the best of both worlds, especially in hybrid environments.



User Experience Improvements

runZero dashboards have been updated to improve your user experience and to provide enhanced functionality. Dashboard layouts can now be fully customized using our widget library, and a new customizable bookmarks widget ensures you can quickly access your favorite reports, views, and external websites. Plus, dashboards can now be exported in CSV and PNG formats to make them easy to share.

A new theater/kiosk mode and fullscreen display options have also been added, and adjusted colors throughout the product are designed to improve accessibility, legibility, and consistency. Tables now support a mono-spaced font variant and offer text casing preferences via the "Prefs" dropdown so you can find the one that works best for you.




Other Notable Enhancements

You can always get real-time updates on everything we’re releasing in our documentation center, but here are some additional highlights that you won’t want to miss:

  • Thousands of new fingerprints, additional discovery protocols (including XDMCP, Syslog, and improved EtherNet/IP support), and end-of-life data for additional OSs have been added.
  • Automatic subdomain discovery via the domain: scan keyword now returns more results across more domains.
  • The runZero scan engine now supports Microsoft SQL Server enumeration via TDS version 8.
  • Microsoft Graph API integrations (AzureAD/EntraID, Defender 365, Intune) now support arbitrary $filter parameters.
 
Explore More Updates
 
CTA BUTTON (A)
 
CTA BUTTON (A)
Hacker Summer Camp
Viva Las Vegas!

runZero is gearing up for an action-packed week at Hacker Summer Camp and we hope to see you at one of the many awesome events happening around town!

Join HD Moore and Rob King as they unveil new research on SSH exposures at both Black Hat and DEF CON, swing by to see us at The Diana Initiative, and make sure to visit our runZero Lounge for happy hour after a busy day on the Black Hat show floor.

We're also scheduling 1:1 meetings throughout the week. We invite you to dive deep with our technical team, see personalized demos, and explore the new features in the Platform with the folks who created it.

 
See the Line Up
 
Book a Meeting
 
Join a Happy Hour
Webcasts
runZero Hour: Episode 8
Join us live on July 17 @ 1pm ET • 10am PT
Explore the world of oddball protocols, network oddities, and the latest vulnerabilities (of which there are many!) in the next installment of runZero Hour, featuring our very own researchers.  Register now ›

Unknown Assets are the Achilles Heel of Effective Cyber Defense — And Zero Trust
On-Demand
Achieving complete visibility across complex environments is at the crux of effective defense, as well as a core tenet of zero trust and compliance. Yet gaining an accurate inventory of all IT, OT, IoT, mobile, and remote assets has proven elusive for many organizations. Join HD Moore and Carahsoft for a discussion on persistent challenges and new approaches that are overcoming them. Watch now ›

Department of Energy Cyberforce Program: Operational Technology Threat Landscape
On-Demand
Rob King, runZero Director of Research, and Kylie McClanahan, CTO at Bastazo, joined the the Department of Energy Cyberforce Program to discuss evolving threats, vulnerability management, and securing operational technology for critical infrastructure. Watch now ›

runZero Hour: Episode 7
On-Demand
Guest Brianna Cluck from GreyNoise Labs joined us in June to share her work with honeypots to tag CVE traffic and crack the case on unsolved cyber mysteries. One of our most entertaining episodes to date! Watch now ›

 
See All Webcasts
 
CTA BUTTON (A)
 
CTA BUTTON (A)
Events
Department of Energy Cybersecurity and Technology Innovation Conference
July 29 - August 1 in Dallas, TX
Our federal team is back on the road. Swing by booth 405 to say hello, see a demo, and learn how runZero is improving security for organizations in the energy industry.

Black Hat Briefing: Secure Shells in Shambles
August @ Black Hat Las Vegas, NV
HD Moore and Rob King are diving deep into the Secure Shell protocol, its popular implementations, what’s changed, what hasn’t, and how this leads to unexpected vulnerabilities and novel attacks. They will also be debuting a new free tool, "sshamble," which reproduces these attacks and opens the door for further research.

DEF CON Talk: Sshamble: Unexpected Exposures in SSH
August @ DEF CON Las Vegas, NV
HD Moore and Rob King are back on stage to present additional aspects of their new research on the Secure Shell protocol. They’ll share how their hunt for Jia Tan unexpectedly uncovered new SSH vulnerabilities and novel attacks, and then delve into the intriguing dynamics of how these attacks unfold. 
 
See All Events
 
CTA BUTTON (A)
 
CTA BUTTON (A)
Rapid Response

Did you know runZero can help you respond to remotely-discoverable zero-day threats without security probes or a rescan? It’s true!

Check out our Rapid Responses for tips from the runZero Research team and pre-built queries that can help you identify potential exposures in your environment — and that includes free trial users!


[Updated June 2024]
How to find MOVEit file transfer services on your network

[Updated June 2024]
How to find Siemens devices on your network

[Updated June 2024]
How to find Westermo devices on your network

[Updated June 2024]
How to find Kaspersky products with runZero

[Updated June 2024]
How to find Microsoft Message Queuing (MSMQ) Server

[Updated June 2024]
How to find Citrix NetScaler ADCs and Gateways

[Updated June 2024]
How to find Johnson Controls Software House iStar Pro Door Controller devices

[Updated June 2024]
How to find Uniview NVR301-04S2-P4 devices

 
See All Rapid Responses
 
CTA BUTTON (A)
 
CTA BUTTON (A)
Articles and Podcasts

[runZero Blog]
Using runZero to Verify Network Segmentation

[GreyNoise Storm Watch Podcast] 
1 Year Anniversary Celebration With Special Guest HD Moore

[Risky.Biz Podcast]
Rob King Unpacks Findings from the New runZero Research Report

[Press Release]

runZero Research Explores Unexpected Exposures in Enterprise Infrastructure
 
Read More Articles
 
CTA BUTTON (A)
 
CTA BUTTON (A)