8 min
Haxmas
The Ghost of a Botnet (Possibly) Past
For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface later. Join us as we tell the HaXmas tale of the ghost of a botnet past!
6 min
Ransomware
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt, started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file
sharing protocol. It spreads to unpatched devices directly connected to the
internet and, once inside an organization, those machines and devices behind the
firew
6 min
Research
The Data Science Process at Rapid7
Data Science is more than just math. A successful Data Science team and
successful Data Science projects require relationships with outside teams, clear
communication, as well as good decision making, problem solving and critical
thinking abilities. Thus, when we talk about Data Science at Rapid7, we talk
about the Data Science Process our teams use to take a Data Science project from
inception to completion, where math and analysis are important, but not the only
aspects of the project.
What a
6 min
NCSAM: You Should Use a Password Manager
October is National Cyber Security Awareness Month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA
[/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers]
and the 30th anniversary of the CFAA - a problematic law that hinders beneficial
security research. Throughout the month, we will be sharing content that
enhances understanding of what independent security research
6 min
Research
The Attacker's Dictionary
Rapid7 is publishing a report about the passwords attackers use when they scan
the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA
Conference this week, or online right here
[https://information.rapid7.com/attackers-dictionary.html]. The following post
describes some of what is investigated in the report.
Announcing the Attacker's Dictionary
Rapid7's Project Sonar [https://sonar.labs.rapid7.com/] periodically scans the
internet across a variety of ports and protocols
1 min
RiskRater Endpoint Report
Today we're releasing the second of three reports derived from our RiskRater
[https://riskrater.rapid7.com/] research.
The first report [http://www.rapid7.com/docs/mobile_aug_2013.pdf] focused on
mobile devices and the BYOD movement. Today's report is concerned with endpoint
devices and their security.
Given that user endpoints are increasingly becoming the target of attacks, we
were interested in how well the respondents:
* Enable code execution prevention techniques
* Block suspicious ema
3 min
Introducing RiskRater - a free tool for benchmarking endpoint, mobile and user risk management programs
Introductions
After lurking for a little while, I'm starting to write on SecurityStreet today
in order to introduce RiskRater [https://riskrater.rapid7.com/], a tool we've
been working on recently. RiskRater is an interactive free tool designed to give
security professionals a quick snapshot of how they are doing in terms of their
security controls for endpoints, mobile devices and user-based risk.
What Does RiskRater Do?
We frequently hear from security professionals that they are under consta