Discover Your Potentially Vulnerable SMB Servers

June 12, 2019 by Sally Feller

Censys recently added massive amounts of new Internet scan data about SMB ports. SMB is a good example of low-hanging fruit for attackers, because it’s a protocol used across many services and has a lengthy history of insecure configurations or implementation bugs.


Around 1600 SharePoint Servers Vulnerable to Attack

May 21, 2019 by The Censys Team

A new security vulnerability leaves about 1600 SharePoint servers open to attack. Explore how we tracked this CVE and see if your organization is affected.


How to Make Sure Your Elasticsearch Databases Aren’t Exposed

May 7, 2019 by Sally Feller

Most organizations that use Elasticsearch databases use them to store business and customer information. Elasticsearch is popular for web applications because it allows for easy ingestion and search, making powerful applications easy to develop. Use Censys to find out if your company is properly securing Elasticsearch databases.


Discover SSL/TLS Protocol in Use in Your Organization

April 24, 2019 by Sally Feller

Censys indexes TLS certificates associated with hosts and services and also tracks a few specific vulnerabilities, which means you can use it to find outdated, insecure devices and certificates in your organization. We’ll take you through a few of those searches, related to TLS.


Now Available: Maltego Integration for Censys Users

April 18, 2019 by The Censys Team

We’re excited to announce that Censys users can now take advantage of the incredible power of Maltego’s visualization tools to help enrich and understand their assets. Using Censys with Maltego makes it easier for you to visualize vulnerabilities and complex relationships between digital assets.


Hunting for Threats: Coinhive Cryptocurrency Miner

April 10, 2019 by Sally Feller

In this article, we’ll teach you how to think like threat hunters and use the open source tool YARA alongside Censys to find Coinhive, a cryptocurrency miner service.


Update ASAP: Apache HTTP Web Server Patch Fixes Critical Security Issue

April 3, 2019 by Sally Feller

Apache HTTP Web Server users should update their servers immediately to prevent critical security flaws for cloud and shared web hosting providers. Use Censys to find the Apache HTTP Web Servers your organization is using, even the ones you didn’t already know about, that are actually connected to the Internet, potentially vulnerable, and require patching.


New Whitepaper: Why Internet Data Should be Part of Your Security Strategy

April 2, 2019 by Sally Feller

In our latest whitepaper, we walk through how to use Internet security data within your organization to find what you didn’t know you had and secure it. Internet security data provides comprehensive visibility into your business’ infrastructure, including all the hosts and servers outside your traditional managed network.


Prevent Unnecessary Risk from pcAnywhere

March 21, 2019 by Sally Feller

pcAnywhere is an insecure remote access application, but your employees may be using it without your knowledge. Find those instances in Censys and then provide employees with secure remote access alternatives so they can work remotely.


Banners from Top 1,000 Ports Now Available to Enterprise Customers

March 20, 2019 by The Censys Team

Censys now performs broad, lightweight scans on over 1,000 TCP/IP services and publishes a daily snapshot that includes the certificates and banners found on each host.


How to Find Servers Using MQTT and AMQP Protocols

March 19, 2019 by Sally Feller

We recently added the MQ Telemetry Transport (MQTT) and Advanced Message Queuing Protocol (AMQP) protocols to our dataset. Here’s a quick rundown of what these protocols are used for, what security risks they carry with them, how to search for servers and devices that use MQTT and AMQP, and how to secure those servers.


Finding and Securing FTP Sites with Censys

March 11, 2019 by The Censys Team

FTP sites can act as easy gateways for attackers to get into business systems, due to common misuse and misconfiguration issues. In this article, we show you how to use FTP banner grabs to find unknown and/or unsecured business FTP sites. Once located, we’ll walk you through steps for securing them or, better yet, moving to SaaS file-sharing offerings with security tools built in.


Finding Hacked Web Servers

March 5, 2019 by The Censys Team

In this article, we’ll show you one way to find hacked web servers. There are endless methods of hunting for affected web servers and this is just one example to get you started in thinking about your efforts in this area.


17K Building Control (BACnet) Servers Connected to the Internet

February 26, 2019 by The Censys Team

Building Automation and Control network (BACnet) is one of the most popular SCADA protocols that building automation and control systems use to operate. Censys searches for five of the most popular SCADA protocols (including Modbus, S7, BACnet, DNP3, Tridium Fox) and a quick search shows that there are 16,899 BACnet servers accessible across the Internet.


Hunting Mirai Control Servers Using Known Shell Scripts

February 19, 2019 by The Censys Team

The Mirai Botnet made much of the Internet inaccessible for the US East Coast back in late 2016, taking advantage of insecure IoT devices. Malware similar to Mirai in both behavior and structure is still very much in use across the Internet today. We set out to find the servers that host it using Censys.


A Dream of the 90s - Bulletin Board Systems

February 13, 2019 by Paul A. Parkanzky

There was a time before widespread adoption of the Internet when communities of local Bulletin Board Systems (BBSes) ruled the day in all their ANSI-colored text-based glory. Some BBSes are still active in 2019 and you can find them in Censys. To the nostalgia machine…


Playing Defense By Locating Pre-Attacks

February 5, 2019 by The Censys Team

Defend your organization before phishing campaigns are even launched by finding adversary pre-attack infrastructure. In this post, we provide a few tips for finding fraudulent domains in Censys.


The Most Common Protocol You’ve Never Heard Of

January 29, 2019 by The Censys Team

As CWMP is one of the most common protocols across the Internet, we explored the security of the protocol and what kind of risks it poses. Moreover, are there any real risks for the corporate world or is this just a consumer technology problem?


Track & Monitor IPMI Devices

January 23, 2019 by The Censys Team

We recently started scanning for IPMI devices in Censys so that administrators can search for them and prioritize migrating them to a private network.


Magecart - Threat Hunting Edition

January 15, 2019 by The Censys Team

Magecart was the malware behind the British Airways and Ticketmaster data breaches a few years back and, unfortunately, it’s still alive and well. Here's how to hunt for Magecart using Censys.


Finding and Monitoring RDP and VNC with Censys

January 7, 2019 by Sally Feller

We added data for remote desktop protocol (RDP) and virtual network computing (VNC) to Censys. Now you can search for any RDP or VNC servers that are online and tied to your organization and ensure that they’re locked down appropriately.


PHP 5 Still 3 Times More Popular than PHP 7, Even With End of Support Looming

December 13, 2018 by The Censys Team

First released in 2004, PHP 5 is one of the most popular web scripting languages in use today, but in a few weeks (December 31) PHP 5 will stop receiving security patches. We break down how many hosts are still "Powered by PHP" versions 5 and 7. If you’re worried about your sites’ web applications, don’t worry; there are some actions below which will help determine whether this is a problem for your particular network, along with guidance on steps to take to remediate the risk.


Finding Apache Tomcat Servers in Your Network

December 4, 2018 by Sally Feller

Today, we’re going to show you how you might look for suspicious-looking Apache Tomcat servers and either secure them or take them offline to prevent exploitation.


Who's Down with IPP?: Finding Internet-Connected Printers with Censys

September 24, 2018 by The Censys Team

Censys results now include Internet Printing Protocol (IPP), which allows anyone to get a quick read of how many printers are connected to the Internet and locate any printers their organization may have inadvertently exposed to the public.


Find Oracle Database Servers with CVE-2018-3110 Vulnerability

September 21, 2018 by The Censys Team

Oracle recently released a critical patch for their Database Server product. This post explains how to find servers on the Internet that are affected by this vulnerability.


Introducing Relational Database Scanning

June 18, 2018 by The Censys Team

To help organizations investigate and monitor whether they’ve mistakenly exposed databases, we're adding scanning for four popular relational database servers: MySQL, PostgreSQL, Microsoft SQL Server, and Oracle Database.


Announcing Censys Paid Plans

January 25, 2018 by The Censys Team

Last summer, Censys began a new chapter: we graduated from the University of Michigan and became a company. This transition will help Censys become an even more powerful tool for securing devices and networks, and it allows us to offer Censys to businesses and enterprises for the first time. Today, we’re introducing Censys Basic, Censys Pro, and Censys Enterprise paid plans, which allow commercial use and include technical support.


Tracking the Mirai Botnet

December 14, 2017

The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. The Censys team joined forces with collaborators from across the security field to track Mirai-infected devices, analyze the botnet's evolution, and understand how to improve defenses.

Read More at the Cloudflare Blog

DROWN: Decrypting RSA with Obsolete and Weakened eNcryption

July 1, 2016

DROWN is a serious vulnerability that affects HTTPS and other services that rely on TLS. It allows attackers to break the encryption and read or steal sensitive communications. We were part of a collaborative effort that discovered DROWN and measured its impact. 33% of all HTTPS servers were vulnerable to the attack.

Read More at DrownAttack.com

Weak Diffie-Hellman and the Logjam Attack

May 20, 2015

Diffie-Hellman key exchange is a cryptographic algorithm that is fundamental to many protocols, including TLS, SSH, and IPsec. We and colleagues uncovered important weaknesses in how Diffie-Hellman has been deployed: the Logjam attack against TLS, and the likelihood that nation-state attackers can defeat 1024-bit Diffie-Hellman.

Read More at WeakDH.org

The FREAK Attack

March 3, 2015

The FREAK attack allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. Shortly after the attack was announced, we began tracking the population of vulnerable sites.


The POODLE Attack and Tracking SSLv3 Deployment

October 14, 2014

In October 2014, Google disclosed the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred over an SSLv3 connection. Data we collected about SSLv3 deployment helped support browser-makers' decision to disable support for SSLv3.


Heartbleed Bug Health Report

April 7, 2014

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords. We and our collaborators tracked the vulnerable population and measured exploitation attempts, and later published a comprehensive analysis of the vulnerability and its aftermath.


HTTPS Ecosystem Scans

October 1, 2013 by Zakir Durumeric

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem—the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure.


Widespread Weak Keys in Network Devices

August 8, 2012

We and colleagues performed a large-scale study of RSA and DSA cryptographic keys in use on the Internet and discovered that significant numbers of keys are insecure due to insufficient randomness. Nearly 6% of TLS hosts and nearly 10% of SSH hosts share public keys in an apparently vulnerable manner, due to either insufficient randomness during key generation or device default keys. Nearly all the vulnerable hosts are headless and embedded network devices, such as routers, firewalls, and server management cards.

Read More at Factorable.net