
Blog

Lessons Learned From My CEO Roadshow - David Corcoran Hits the Road to Talk to Employees in Person

by David Corcoran · October 27th, 2020

Censys CEO David Corcoran creates a new tradition: an in-person road trip to meet face-to-face with employees all over the USA, adhering to COVID-friendly measures amid the ongoing pandemic.

A Journey from Coding to Focusing on User Needs

by Eirik Herskedal · September 2nd, 2020

A firsthand account from the early career of Eirik Herskedal, VP of Product here at Censys, on his "ah-ha" moment and subsequent transition from focusing on “how” to build something, to a customer-centric lens on “what” was worthwhile to build.

Censys Summer Internship - Amidst a Pandemic

by Jessica Sinnott · August 18th, 2020

A pandemic that pushed the entire Censys team 100 percent remote could not obstruct our summer internship program! The People Team at Censys persevered through uncertainty and logistical challenges to smoothly onboard six interns from top universities to our design and development teams from May to August.

SAP Vulnerability as Severe as it Gets - Time to Patch

by Zack Hardie · July 15th, 2020

Yesterday morning, we read the disclosure of CVE-2020-6287, named “RECON” (Remotely Exploitable Code On NetWeaver) by Onapsis Research Labs, which affects the latest versions of the SAP NetWeaver Java technology stack. Although the Onapsis Research Labs team estimates that at least 2,500 vulnerable SAP services are Internet-facing, our data shows closer to 10,000, including more than 26 Fortune 500 companies. Learn more about the severity, risks and pervasiveness of RECON.

Saltstack CVE: Keep Patching

by Art Sturdevant · May 12th, 2020

The Censys team has monitored the Saltstack situation, and this is what we’re seeing 12 days after the CVE was announced.

Critical Saltstack Vulnerability Patching Update - 5 days in

by Art Sturdevant · May 6th, 2020

5 days in: Are people actually patching? A Censys Update on exposed salt servers

MAYDAY! It’s Time To Patch

by Art Sturdevant · May 1st, 2020

Critical Saltstack CVEs Allow For Infrastructure Takeover - This week Saltstack announced two critical vulnerabilities, CVE-2020-11651 and CVE-2020-11652. These vulnerabilities allow an attacker to bypass both authentication and authorization controls to effectively take over anything Saltstack is managing; this includes cloud infrastructure, servers, databases, and in some cases even user endpoints like laptops.

What Can Censys Data See About Where You're Connecting From Now That You're Working From Home?

by Rachel Benson · April 23rd, 2020

Now that you're (probably) working from home, have you checked to see what might be exposed to the internet on your home network? Check out what Censys can find about your IP address. We just put up https://me.censys.io, the super easy way to see what Censys knows about where you're connecting from. A quick click and poof, you'll see ports we found open, banners we grabbed, and more.

Tracking RoamingMantis - Mobile Banking Threat

by Jose Nazario · April 1st, 2020

Let’s go threat hunting in Censys! In this case, we’re hunting for RoamingMantis, a mobile banking threat that affects users by altering local DNS settings for further endpoint abuse. DNS Changer malware isn’t new, but RoamingMantis is a new delivery vehicle.

Actually Helpful Security Tips To Actually Help Your Security Team

by Art Sturdevant · March 24th, 2020

There’s a good chance you’ve heard about COVID-19 and the global pandemic that’s been taking the world by storm. There’s also a good chance that you are, or know, an IT or Security professional who has had their world upended to support a 100% remote workforce that was otherwise non-existent a couple of weeks ago.

Probing the Xiongmai/HiSilicon SoC Vulnerability

by Jose Nazario · February 7th, 2020

News broke this week about a critical vulnerability in the firmware of certain HiSilicon-based devices running software from Xiongmai, including network video recorders, IP-enabled cameras, and digital video recorders. At Censys, our extended dataset for enterprise customers, the Universal Internet Data Set (UIDS), has been scanning port 9530 for some time now and found 188,989 hosts with that port open.

Assessing January 2020's Windows Remote Desktop Web Access Vulnerabilities

by Rachel Benson · January 17th, 2020

We walk through how to investigate this month’s Microsoft Windows Remote Desktop Gateway (RD Gateway) vulnerabilities with a system like Censys.

Universal Internet Dataset Gives 20x More Visibility Into IPs Running Torrenting Services

by Morgan Princing · December 20th, 2019

Censys recently released the Universal Internet Dataset, which increases the number of ports scanned from 40 to 1045. This port coverage expansion provided far more visibility into the less visited areas of the internet. The services running on ports 443, 80, and 21 provide valuable information, but are much more sterile compared to some of what we find on ports such as 5357 or 10554.

Find 35-50% More Hosts on 1000+ New Ports

by Rachel Benson · December 4th, 2019

We’ve recently added a significant amount of data about 1000 additional ports that you can use to search for assets on uncommon ports. This new data set, the Universal Internet Data Set, gives you more data about more things! Some of the new ports we’re scanning will help you find things like Kibana, Docker, Redis, and ElasticSearch, for example. To get the full list of these new protocols, head over to our technical documentation page.

Introducing the Censys SaaS Platform

by Rachel Benson · October 29th, 2019

Censys is proud to announce the commercial availability and official launch of our new SaaS Platform, providing organizations a vast and complete inventory of all assets on the internet and enabling them to understand exposure and prevent breaches.