2 min
Metasploit
Metasploit Team Announces Beta Sign-Up for AttackerKB
AttackerKB is a knowledge base of vulnerabilities and informed opinions on what makes them valuable (or not) targets for exploitation.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 1/31/20
Happy CTF week, folks! If you haven't already been following along with (or
competing in) Metasploit's global community CTF
, it started
yesterday and runs through Monday morning U.S. Eastern Time. Registration has
been full for a while, but you can join the #metasploit-ctf channel on Slack
to participate in the joy and frustration
vicariously.
This week's Metasploit wrap-up takes a look back at work done
3 min
Vulnerability Management
How to Measure the ROI of Your Vulnerability Risk Management Solution
In this blog, we discuss the seven key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.
2 min
Vulnerability Disclosure
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.
4 min
Government
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.
8 min
InsightIDR
How to Analyze Your Log Data Using the Log Search API in InsightIDR
In this blog, we discuss how to analyze your log data using InsightIDR's Log Search API.
3 min
Metasploit
Metasploit Wrap-up: 1/24/20
Transgressive Traversal
Contributor Dhiraj Mishra authored a neat Directory
Traversal module
targeted at NVMS-1000 Network Surveillance Management Software developed by TVT
Digital Technology. Permitting the arbitrary downloading of files stored on a
machine running compromised software
, this module becomes all the more attractive when you consider it's providing
3 min
Cloud Security
Seven Tips for Better Cloud Security in 2020
In this blog post, we will highlight seven tips for shoring up your cloud security in the new year.
2 min
InsightConnect
Discover the New BMC Remedy ITSM Plugin for InsightConnect
The BMC plugin focuses on the automation of incidents in BMC, with the goal of freeing up analysts’ time so they can focus on resolving issues.
3 min
Vulnerability Management
Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model
In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.
4 min
InsightVM
Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams
If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.
4 min
Research
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.
2 min
Metasploit
Metasploit Wrap-Up: 1/17/20
Silly admin, Citrix is for script kiddies
A hot, new module
has landed in Metasploit Framework this week. It takes advantage of
CVE-2019-19781 which is a directory traversal vulnerability in Citrix
Application Delivery Controller (ADC) and Gateway. This exploit takes advantage
of unsanitized input within the URL structure of one of the API endpoints to
access specified directories. Conveniently there is a directory available that
house
10 min
Vulnerability Management
How to Get Started with the InsightVM Integration for ServiceNow CMDB
Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.
2 min
Vulnerability Management
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.
