Rumble Blog

December 3, 2021

Finding HP printers and MFPs vulnerable to Printing Shellz

Do you have HP printers and multi-function printers (MFPs)? You might want to look at the two recently published vulnerabilities that affect 150+ models. Named “Printing Shellz” by the F-Secure security researchers who reported them, these vulns have been around for ~8 …


November 18, 2021

Risky Business podcast: Integrations for cloud APIs and Censys

Podcast Description: “This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external …


November 10, 2021

Find Nucleus TCP/IP assets with accessible FTP services

Researchers at Forescout recently published findings on a new set of 13 vulnerabilities with the Nucleus RTOS TCP/IP stack, collectively referred to as NUCLEUS:13. Originally released in 1993, Nucleus is found in many different types of products, including devices in the …


November 9, 2021

Tracking asset ownership with tags

Asset discovery is our bread-and-butter at Rumble, allowing us to surface network-connected systems and devices to our users. Once you have an asset inventory, you can track asset ownership with Rumble, which allows you to identify assets that have been orphaned and are no …


November 2, 2021

Rumble 2.8: Synchronize your VMware inventory, import Censys scan data, and run RFC 1918 scans faster

What’s new with Rumble 2.8? Integration improvements: synchronize your VMware virtual machine inventory; import external scan data from Censys. Scan, search, and self-hosted improvements: discover all RFC 1918 networks, faster; customize scan schedules with more options …


October 28, 2021

Finding PAX point-of-sale devices

PAX Technologies, a China-based company that manufactures a LOT of point-of-sale (POS) terminal devices, has been in the news this week following an FBI raid of a PAX Florida facility. While the FBI didn’t officially confirm much beyond serving a court-authorized search, a …


October 25, 2021

How to find Cisco devices running IOS XE

Cisco recently disclosed a command execution vulnerability that affects some versions of IOS XE SD-WAN software running on Cisco routing devices and virtual instances. With a CVSSv3 score of 7.8, this vulnerability (assigned CVE-2021-1529) is due to inadequate input …


October 5, 2021

Finding Apache HTTP Server instances

Update: The 2.4.50 fix was incomplete and we strongly recommend upgrading to 2.4.51 or newer. The Apache Software Foundation recently announced a path traversal vulnerability present in version 2.4.49 of the Apache HTTP Server software. Due to insufficient coverage of …


October 5, 2021

Rumble 2.7: New dashboard, multi-subscription Azure, AWS ELBs, Splunk add-on improvements, and faster discovery for Rumble Professional

What’s new with Rumble 2.7? User experience improvements: get insights, trends, and visualizations from your dashboard; easily navigate configuration pages for scans, imports, connections, and more; know when your connector credentials are invalid. Integration …


September 30, 2021

Fingerprinting Windows build numbers

Our goal at Rumble is to help customers identify everything on their networks, quickly, and without authentication. This process is driven by research, which often leads to dead ends, but sometimes we learn interesting things along the way. This post explores recent research …
