The Enterprise Attack Surface Has Grown Exponentially with Boom in Remote Work. Monitor & Protect It. - Learn More

Menu

Ready to Get
Started?

Contact Sales

Blog

Saltstack CVE: Keep Patching

by Art Sturdevant · May 12th, 2020

The Censys team has monitored the Saltstack situation, and this is what we’re seeing after 12 days since the CVE was announced.

Critical Saltstack Vulnerability Patching Update - 5 days in

by Art Sturdevant · May 6th, 2020

5 days in: Are people actually patching? A Censys Update on exposed salt servers

MAYDAY! It’s Time To Patch

by Art Sturdevant · May 1st, 2020

Critical Saltstack CVEs Allow For Infrastructure Takeover - This week Saltstack announced two critical vulnerabilities, CVE-2020-11651 and CVE-2020-11652. These vulnerabilities allow an attacker to bypass both authentication and authorization controls to effectively take over anything Saltstack is managing; this includes cloud infrastructure, servers, databases, and in some cases even user endpoints like laptops.

What Can Censys Data See About Where You're Connecting From Now That You're Working From Home?

by Rachel Benson · April 23rd, 2020

Now that you're (probably) working from home, have you checked to see what might be exposed to the internet on your home network? Check out what Censys can find about your IP address. We just put up https://me.censys.io, the super easy way to see what Censys knows about where you're connecting from. A quick click and poof, you'll see ports we found open, banners we grabbed, and more.

Tracking RoamingMantis - Mobile Banking Threat

by Jose Nazario · April 1st, 2020

Let’s go threat hunting in Censys! In this case, we’re hunting for RoamingMantis, a mobile banking threat that affects users by altering local DNS settings for further endpoint abuse. DNS Changer malware isn’t new, but RoamingMantis is a new delivery vehicle.

Actually Helpful Security Tips To Actually Help Your Security Team

by Art Sturdevant · March 24th, 2020

There’s a good chance you’ve heard about COVID-19 and the global pandemic that’s been taking the world by storm. There’s also a good chance that you are, or know, an IT or Security professional that has had their world upended to support a 100% remote workforce that was otherwise non-existent a couple of weeks ago.

Probing the Xiongmai/HiSilicon SoC Vulnerability

by Jose Nazario · February 7th, 2020

News broke this week about a critical vulnerability in the firmware of certain HiSilicon-based devices running software from Xiongmai, including network video recorders, IP enabled cameras, and digital video recorders. At Censys, our extended dataset for enterprise customers, the Universal Internet Data Set (UIDS), has been scanning port 9530 for some time now and found 188,989 hosts with that port open.

Assessing January 2020's Windows Remote Desktop Web Access Vulnerabilities

by Rachel Benson · January 17th, 2020

We walk through how to investigate this month’s Microsoft Windows Remote Desktop Gateway (RD Gateway) vulnerabilities with a system like Censys.

Universal Internet Dataset Gives 20x More Visibility Into IPs Running Torrenting Services

by Morgan Princing · December 20th, 2019

Censys recently released the Universal Internet Dataset, which increases the number of ports scanned from 40 to 1045. This port coverage expansion provided far more visibility into the less visited areas of the internet. The services running on port 443, 80, and 21 provide valuable information, but are much more sterile compared to some of what we find on ports such as 5357 or 10554.

Find 35-50% More Hosts on 1000+ New Ports

by Rachel Benson · December 4th, 2019

We’ve recently added a significant amount of data about 1000 additional ports that you can use to search for assets on uncommon ports. This Universal Internet Data Set data set, this new data set gives you more data about more things! Some of the new ports we’re scanning will help you find things like Kibana, Docker, Redis, and ElasticSearch, for example. To get the full list of these new protocols, head over to our technical documentation page.

Introducing the Censys SaaS Platform

by Rachel Benson · October 29th, 2019

Censys is proud to announce the commercial availability and official launch of our new SaaS Platform, providing organizations a vast and complete inventory of all assets on the internet and enabling them to understand exposure and prevent breaches.

Another Critical Exim Flaw, and How to Determine if You’re Affected

by Rachel Benson · September 30th, 2019

Exim, the widely used, open-source mail transfer agent (MTA), released an urgent security update regarding Exim versions, up to and including 4.92.2. The vulnerability (CVE-2019-16928) is a heap-based buffer overflow (memory corruption) issue in string_vformat defined in string.c file of the EHLO Command Handler component, allowing hackers to trigger a denial of service on a targeted Exim server using a specifically crafted line in the EHLO command.

More Than 4.5M Exim Instances Vulnerable to Remote Code Execution Attacks

by · September 9th, 2019

One of the most popular email servers disclosed a severe security bug today that warrants investigation. The official advisory from Exim (CVE-2019-15846), notes that “all versions up to and including 4.92.1” are affected by this vulnerability. We searched our data to better understand the scope of this issue and found around 4.5M Exim instances, running on around 2M IPs, are affected. All of these instances would need to patched or take offline to fully mitigate this issue.

New MySQL-Related Default Insecurity Affects 7500+ Apps

by · August 21st, 2019

A new MySQL-related default setting can cause some real headaches/insecurities. We wanted to quickly assess just how many hosts were affected by this issue so that our Enterprise customers could find insecure SphinxSearch hosts they own, including those that are in use within their organization.

New! Search Censys for Prometheus Endpoints

by · August 20th, 2019

Now you can easily search for exposed Prometheus endpoints in our IPv4 data set. Since these applications can lead to data loss if not properly secured, it’s important to find any that are still are the Internet that you and your team are no longer using so you’re not opening your organization up to unnecessary risk. We’ll walk you through how to find them in this article.

Ready to Get Started?

Get a real-time view of all your organization's assets so you can proactively prevent threats.