4 min
IT Ops
For the Love of Code: Why We Use JSHint for Static Code Analysis
As developers, we all strive for clean, readable, easy-to-refactor code, but
unfortunately this doesn't always happen.
No matter how good a developer you are or what language you're coding in, bugs
inevitably spring up like weeds in the grass. These problems are exacerbated by
poorly organized and poorly written code. Once quality starts to drop, even the
cleanest high-quality code in your project begins to be affected, until you're
left with a jumbled mess of (and ha
5 min
Metasploit
R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities
Rapid7 Labs has found multiple vulnerabilities in Hikvision
DVR (Digital Video Recorder) devices such as
the DS-7204 and other models in the same product series that allow a remote
attacker to gain full control of the device. More specifically, three typical
buffer overflow vulnerabilities were discovered in Hikvision's RTSP request
handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post
serves as disclosure of the technical details for th
2 min
Nexpose
Why that CVSS score? HTTP TRACE vulnerability-your questions answered
Recently we saw that there were some questions on Twitter about the HTTP TRACE
vulnerability check in Nexpose, specifically around the CVSS score. Thank you
@digininja, @tautology0, and @raesene for
raising this issue - we love to hear from our users and appreciate honest
feedback on our solutions. Questions like these cause us to challenge our own
assumptions and reasoning, which is always a healthy pr
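The check in question is easy to reproduce by hand. The script below is an added example (not Nexpose's check and not code from the post): it sends a TRACE request carrying a marker header and classifies the reply, treating the server as TRACE-enabled only when the reply echoes the request back, because that echo of request headers (cookies, Authorization) is the cross-site tracing concern behind the score. The marker header name and the sample responses are constructed for the example.

```python
"""Probe an HTTP server for TRACE and classify the reply.

Added example; not Nexpose's vulnerability check. The marker header
X-Trace-Probe and the sample responses below are constructed.
"""
import socket
import ssl

MARKER_HEADER = "X-Trace-Probe"        # hypothetical header used only as an echo marker
MARKER_VALUE = "trace-probe-7f3a"


def build_trace_request(host, path="/"):
    """Raw TRACE request; kept explicit so the bytes on the wire can be inspected."""
    return (
        f"TRACE {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{MARKER_HEADER}: {MARKER_VALUE}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_raw_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body); header names lower-cased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify_trace_response(status, headers, body):
    """"enabled": the server reflected our request (cross-site tracing is possible).
    "disabled": the method was refused. "inconclusive": a 200 that does not echo the
    request, e.g. a server that ignores the method and serves its normal page."""
    if status in (405, 501):
        return "disabled"
    if status != 200:
        return "inconclusive"
    if headers.get("content-type", "").startswith("message/http"):
        return "enabled"                               # RFC 7231 TRACE reply: the request, verbatim
    if MARKER_VALUE.encode("ascii") in body:
        return "enabled"                               # echoed even without the proper content type
    return "inconclusive"


def probe(host, port=80, use_tls=False, timeout=5.0):
    """Live check against a real server (network required)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_trace_request(host))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return classify_trace_response(*parse_raw_response(b"".join(chunks)))


# Constructed sample replies, not captured traffic.
SAMPLE_ECHO = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\nConnection: close\r\n\r\n"
               + build_trace_request("www.example.com"))
SAMPLE_DENIED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n"
SAMPLE_IGNORED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>home</body></html>"

if __name__ == "__main__":
    for label, raw in (("echo", SAMPLE_ECHO), ("denied", SAMPLE_DENIED), ("ignored", SAMPLE_IGNORED)):
        print(label, classify_trace_response(*parse_raw_response(raw)))
```

Note the third case: a 200 that does not contain the request is not evidence of TRACE support, and a scanner that flags it would be reporting a false positive; the marker makes the distinction unambiguous.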
1 min
Patch Tuesday
Patch Tuesday, November 2014
Patch Tuesday came in hot this month with 15 advisories, of which 4 are listed
as critical. Hate to point it out, but this was originally advertised as 16
with 5 critical, but the patch for MS14-068 apparently isn't ready for prime
time yet. Hopefully the decision to hold it back was based on both the testing
and an assessment of risk.
The top patching priority is definitely going to be MS14-064, which is under
active exploitation in the wild and may be related, at least superficially, to
las
2 min
Nexpose
Nexpose API: SiteSaveRequest and IP Addresses vs Host Names
With the release of Nexpose 5.11.1 we made some changes under the hood that
improved scan performance and scan integration performance.
As a result of those changes, the rules applied to using SiteSaveRequest in API
1.1 became stricter, which may have caused issues for some users. In the past
this "worked" for the most part, though there were certainly side effects
observable in the Web interface after the fact. Since these issues were not
a
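One way to stay on the right side of the stricter rules is to classify each target before building the request rather than dropping strings into whichever element is convenient. The script below is an added example, not Rapid7's client code and not code from the post; it assumes that IP addresses, CIDR blocks and IP ranges belong in `<range from=... to=...>` elements and only DNS names in `<host>` elements, and it uses the `full-audit` template id and `-1` placeholder ids as illustrative values.

```python
"""Build the <Hosts> element of a Nexpose API 1.1 SiteSaveRequest, putting
IP targets in <range> elements and DNS names in <host> elements.

Added example, not Rapid7 code. Assumed rule: IPs -> <range>, names -> <host>.
"""
import ipaddress
import xml.etree.ElementTree as ET


def _is_hostname(s):
    """Loose RFC 1123 label check: alphanumerics and inner hyphens, labels <= 63 chars."""
    labels = s.rstrip(".").split(".")
    return all(
        lbl and len(lbl) <= 63 and lbl.replace("-", "").isalnum()
        and not lbl.startswith("-") and not lbl.endswith("-")
        for lbl in labels
    )


def classify_target(target):
    """("range", first, last) for an IP, CIDR block or "a-b" range; ("host", name) for a name."""
    t = target.strip()
    if t.count("-") == 1 and "/" not in t:              # candidate "10.0.0.1-10.0.0.9" range
        lo, hi = (p.strip() for p in t.split("-"))
        try:
            a, b = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        except ValueError:
            pass                                         # not two addresses: fall through
        else:
            if b < a:
                raise ValueError(f"inverted range: {target!r}")
            return ("range", str(a), str(b))
    try:
        net = ipaddress.ip_network(t, strict=False)      # single IP or CIDR block
    except ValueError:
        pass
    else:
        return ("range", str(net[0]), str(net[-1]))
    if _is_hostname(t):
        return ("host", t)
    raise ValueError(f"not an IP, CIDR, IP range or host name: {target!r}")


def is_valid_target(target):
    try:
        classify_target(target)
    except ValueError:
        return False
    return True


def build_hosts_element(targets):
    hosts = ET.Element("Hosts")
    for t in targets:
        kind, *parts = classify_target(t)
        if kind == "range":
            ET.SubElement(hosts, "range", {"from": parts[0], "to": parts[1]})
        else:
            ET.SubElement(hosts, "host").text = parts[0]
    return hosts


def build_site_save_request(session_id, name, targets, description=""):
    """Minimal SiteSaveRequest for a new site (id -1). Template id is an illustrative assumption."""
    req = ET.Element("SiteSaveRequest", {"session-id": session_id})
    site = ET.SubElement(req, "Site", {"id": "-1", "name": name, "description": description})
    site.append(build_hosts_element(targets))
    ET.SubElement(site, "Credentials")
    ET.SubElement(site, "Alerting")
    ET.SubElement(site, "ScanConfig", {"configID": "-1", "name": name, "templateID": "full-audit"})
    return ET.tostring(req, encoding="unicode")


if __name__ == "__main__":
    print(build_site_save_request("sessionid-placeholder", "DMZ",
                                  ["10.0.0.1", "10.0.1.0/30", "10.0.2.1-10.0.2.9", "db-1.corp.example.com"]))
```

Rejecting anything that is neither an address nor a plausible name at classification time is deliberate: a typo that once "worked" by being handed to the server as a host name now fails in your code, where the error is visible, instead of as a side effect in the Web interface.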
2 min
Patch Tuesday
SChannel and MS14-066, another Red Alert?
This has been a busy Patch Tuesday for Microsoft. Of the fourteen bulletins
(four deemed critical), MS14-066 has been getting significant attention. This
vulnerability, CVE-2014-6321, affects Windows Secure Channel (SChannel) and was
discovered privately by Microsoft through an in
3 min
IT Ops
JSON Formatting of Windows Events: It's Hot!
It seems like everyone in DevOps has been talking about JSON recently – JSON is
hot!
Logentries has written a few posts on this topic: What is JSON, Common Problems
Solved with JSON, and Exporting as JSON. However, we thought it would be
beneficial to dive into some more specific applications. We already wrote about
a few, namely JSON a
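Windows events come out of `wevtutil /f:xml` or `Get-WinEvent` as namespaced XML, which is awkward to search; the usual approach is to flatten the `System` fields and the named `EventData` values into one JSON object per event. The code below is an added example, not Logentries' agent code, and the 4625 (failed logon) event it parses is constructed for illustration rather than captured from a host.

```python
"""Flatten Windows event XML into one JSON object per event.

Added example; not code from the Logentries post. The sample event is constructed.
"""
import json
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
    <EventID>4625</EventID>
    <Level>0</Level>
    <TimeCreated SystemTime="2014-11-12T09:15:33.123456700Z"/>
    <EventRecordID>1048576</EventRecordID>
    <Channel>Security</Channel>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jsmith</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">203.0.113.45</Data>
  </EventData>
</Event>"""

INTEGER_FIELDS = ("EventID", "Level", "Task", "Opcode", "EventRecordID")


def event_xml_to_dict(xml_text):
    root = ET.fromstring(xml_text)
    out = {}
    for child in root.find("e:System", NS):
        tag = child.tag.split("}", 1)[1]                 # strip the namespace
        for attr, value in child.attrib.items():
            out[f"{tag}.{attr}"] = value                 # e.g. TimeCreated.SystemTime, Provider.Name
        if child.text and child.text.strip():
            out[tag] = child.text.strip()
    for key in INTEGER_FIELDS:
        if key in out and out[key].isdigit():
            out[key] = int(out[key])
    data = root.find("e:EventData", NS)
    if data is not None:
        for i, d in enumerate(data.findall("e:Data", NS)):
            name = d.get("Name") or f"Data{i}"           # unnamed <Data> elements get positional keys
            if name in out:                              # do not let payload fields clobber System fields
                name = f"EventData.{name}"
            out[name] = (d.text or "").strip()
    return out


def event_xml_to_json(xml_text):
    return json.dumps(event_xml_to_dict(xml_text), sort_keys=True)


def to_ndjson(xml_events):
    """Newline-delimited JSON, one event per line, the form most log shippers send."""
    return "\n".join(event_xml_to_json(x) for x in xml_events)


if __name__ == "__main__":
    print(event_xml_to_json(SAMPLE_EVENT_XML))
```

Keeping the event record id and the `SystemTime` attribute means two hosts forwarding the same log can be de-duplicated downstream, and converting `EventID` to an integer lets a query such as `EventID=4625 AND LogonType="10"` work without string tricks.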
3 min
Cloud Infrastructure
Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business
You may fear that cloud services jeopardize your organization's security. Yet,
your business relies on cloud services to increase its productivity. Introducing
a policy to forbid these cloud services may not be a viable option. The better
option is to get visibility into your shadow IT and to enable your business to
use it securely to increase productivity and keep up with the market.
Step one: Find out which cloud services your organization is u
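The first step is usually answered from the web proxy, since every cloud service in use has to pass through it. The script below is an added example and not the method or code from the post: it parses Squid native `access.log` lines (constructed here) and tallies, per known service, which users touched it and how often. The catalog of service domains is an illustrative assumption, not a vendor's list; in practice it would have thousands of entries.

```python
"""Inventory cloud services in use from web proxy logs.

Added example, not the post's procedure. The service catalog and log lines are constructed.
"""
import re
from collections import defaultdict

# Illustrative catalog: domain suffix -> (service, category). Hypothetical, not a vendor list.
CATALOG = {
    "dropbox.com": ("Dropbox", "file sharing"),
    "dropboxusercontent.com": ("Dropbox", "file sharing"),
    "drive.google.com": ("Google Drive", "file sharing"),
    "docs.google.com": ("Google Drive", "file sharing"),
    "wetransfer.com": ("WeTransfer", "file sharing"),
    "salesforce.com": ("Salesforce", "CRM"),
    "slack.com": ("Slack", "messaging"),
}

# Squid native access.log: time elapsed client action/code size method URL user hierarchy/peer type
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<action>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S*$"
)

# Constructed sample lines (authenticated proxy, so the user field is filled in).
SAMPLE_LOG = """\
1415790000.123   220 10.1.4.22 TCP_MISS/200 58213 POST https://www.dropbox.com/upload jsmith HIER_DIRECT/162.125.1.6 text/html
1415790012.456    35 10.1.4.22 TCP_TUNNEL/200 0 CONNECT dl-web.dropbox.com:443 jsmith HIER_DIRECT/162.125.1.7 -
1415790030.789  1203 10.1.4.87 TCP_MISS/200 91011 GET https://drive.google.com/drive/my-drive akhan HIER_DIRECT/172.217.3.14 text/html
1415790045.001    12 10.1.4.87 TCP_MISS/200 2201 GET https://www.example.internal/intranet/ akhan HIER_DIRECT/10.1.1.5 text/html
1415790061.222    80 10.1.5.10 TCP_TUNNEL/200 0 CONNECT eu1.salesforce.com:443 mlopez HIER_DIRECT/136.147.62.8 -
1415790078.333    66 10.1.4.22 TCP_MISS/200 40120 PUT https://wetransfer.com/api/v4/transfers jsmith HIER_DIRECT/52.214.3.9 application/json
"""


def host_of(url):
    """Host part of a proxy-log URL; CONNECT lines carry a bare host:port."""
    if "://" in url:
        url = url.split("://", 1)[1]
    host = url.split("/", 1)[0]
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.lower()


def lookup_service(host):
    """Longest-suffix match of the host against the catalog, or None."""
    parts = host.split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in CATALOG:
            return CATALOG[candidate]
    return None


def inventory(log_text):
    """Returns ({service: {"category", "users", "requests", "bytes"}}, unparsed_line_count).
    "bytes" is bytes served to the client; the native log has no request size, so upload
    volume needs a custom logformat."""
    inv = defaultdict(lambda: {"category": "", "users": set(), "requests": 0, "bytes": 0})
    unparsed = 0
    for line in log_text.splitlines():
        m = SQUID_LINE.match(line)
        if not m:
            unparsed += 1
            continue
        service = lookup_service(host_of(m["url"]))
        if service is None:
            continue
        name, category = service
        entry = inv[name]
        entry["category"] = category
        entry["users"].add(m["user"])
        entry["requests"] += 1
        entry["bytes"] += int(m["size"])
    return dict(inv), unparsed


if __name__ == "__main__":
    found, bad = inventory(SAMPLE_LOG)
    for svc, e in sorted(found.items()):
        print(f"{svc:14} {e['category']:13} users={sorted(e['users'])} requests={e['requests']}")
```

The CONNECT lines matter: for TLS traffic the proxy only sees the host, so suffix matching on the host is what catches most services, and a catalog keyed on suffixes covers the content-delivery subdomains a vendor rotates through.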
3 min
User Behavior Analytics
Detecting Compromised Amazon Web Services (AWS) Accounts
As you move more of your critical assets to Amazon Web Services (AWS), you'll
need to ensure that only authorized users have access. Three out of four
breaches use compromised credentials, yet many companies struggle to detect
their use. UserInsight enables organizations to detect compromised credentials,
from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight
monitors all administrator access to Amazon Web Services, so you can detect
compromised credentials before they
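The raw material for this kind of detection is CloudTrail, which records every console sign-in and API call with the caller identity, source IP and MFA status. The script below is an added example, not UserInsight's logic, and the records it analyzes are constructed in the shape of CloudTrail events rather than copied from an account; it flags root-account use, console logins without MFA, logins from an IP the user has never used, and sensitive IAM calls from such an IP.

```python
"""Flag signs of compromised AWS credentials in CloudTrail records.

Added example; not Rapid7 UserInsight logic. Records and baseline are constructed.
"""
import gzip
import json
from collections import defaultdict

# Per-user IPs seen in the past; in practice built from previous CloudTrail history.
BASELINE_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.10", "198.51.100.11"}}

SENSITIVE_IAM_CALLS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                       "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy"}
FAILURE_THRESHOLD = 5


def _rec(user, utype, name, ip, time, source="iam.amazonaws.com", extra=None, resp=None):
    """Build a minimal CloudTrail-shaped record (constructed test data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": utype, "userName": user},
            "additionalEventData": extra or {}, "responseElements": resp or {}}


SAMPLE_RECORDS = [
    _rec("alice", "IAMUser", "ConsoleLogin", "198.51.100.10", "2014-11-12T08:00:01Z",
         "signin.amazonaws.com", {"MFAUsed": "Yes"}, {"ConsoleLogin": "Success"}),
    _rec("alice", "IAMUser", "DescribeInstances", "198.51.100.10", "2014-11-12T08:05:00Z", "ec2.amazonaws.com"),
    _rec("bob", "IAMUser", "ConsoleLogin", "203.0.113.77", "2014-11-12T21:29:50Z",
         "signin.amazonaws.com", {}, {"ConsoleLogin": "Failure"}),
    _rec("bob", "IAMUser", "ConsoleLogin", "203.0.113.77", "2014-11-12T21:30:12Z",
         "signin.amazonaws.com", {"MFAUsed": "No"}, {"ConsoleLogin": "Success"}),
    _rec("bob", "IAMUser", "CreateAccessKey", "203.0.113.77", "2014-11-12T21:31:40Z"),
    _rec(None, "Root", "ConsoleLogin", "203.0.113.5", "2014-11-12T22:00:00Z",
         "signin.amazonaws.com", {"MFAUsed": "Yes"}, {"ConsoleLogin": "Success"}),
]


def load_cloudtrail_file(path):
    """Read one CloudTrail log object as delivered to S3 (gzipped JSON, top-level "Records")."""
    with gzip.open(path, "rt") as fh:
        return json.load(fh)["Records"]


def analyze(records, baseline_ips):
    """Return a list of findings: {"rule", "user", "ip", "time", "event"}."""
    findings = []
    failures = defaultdict(int)
    for r in sorted(records, key=lambda x: x["eventTime"]):    # ISO-8601 sorts lexically
        ident = r.get("userIdentity", {})
        user = ident.get("userName") or ident.get("type", "unknown")   # root has no userName
        ip = r.get("sourceIPAddress", "")
        name = r.get("eventName", "")
        known = baseline_ips.get(user, set())

        def add(rule):
            findings.append({"rule": rule, "user": user, "ip": ip, "time": r["eventTime"], "event": name})

        if ident.get("type") == "Root":
            add("root_account_used")                          # root should never be used day to day
        if name == "ConsoleLogin":
            outcome = r.get("responseElements", {}).get("ConsoleLogin")
            if outcome == "Failure":
                failures[user] += 1
            elif outcome == "Success":
                if r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                    add("console_login_without_mfa")
                if ip and ip not in known:
                    add("console_login_from_new_ip")
        if name in SENSITIVE_IAM_CALLS and ip not in known:
            add("sensitive_iam_call_from_new_ip")              # persistence from an unfamiliar address
    for user, n in failures.items():
        if n >= FAILURE_THRESHOLD:
            findings.append({"rule": "console_login_failure_burst", "user": user,
                             "ip": "", "time": "", "event": f"{n} failures"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_RECORDS, BASELINE_IPS):
        print(f"{f['time']} {f['rule']:32} {f['user']:8} {f['ip']:15} {f['event']}")
```

The sequence for `bob` is the one worth alerting on as a whole: a successful login without MFA from a never-seen IP followed within two minutes by `CreateAccessKey`, which is how a stolen console password is turned into durable API access.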
4 min
IT Ops
Unlimited Logging: A New Chapter in Log Management
It’s no secret that log data is quickly becoming one of the most valuable
sources of information within organizations. There are open source, on-premise,
and cloud-based solutions to help you glean value from your logs in
many different ways.
Largely, organizations use logs for debugging during development, for monitoring
and troubleshooting production systems, for security audit trails and forensics,
and (more and more) for different business use cases that transcend product
management and mar
3 min
IT Ops
The Role of Logging in the Internet of Things
Let’s explore the importance of logging from IoT devices…
The IoT is defined as the interconnection of uniquely identifiable embedded
computing devices within the existing internet infrastructure. In plain
English, the IoT is expected to enable advanced connectivity of devices and
systems, including machine-to-machine (M2M) communications.
The IoT is still in its early
stages but some analysts predict that the IoT will boost the glob
4 min
IT Ops
What Is JSON? An Introductory Guide
Some days it’s hard to remember if Moore’s law applies to increasing computer
power or the number of technologies and breadth of terminology impacting our
daily work.
JSON, short for JavaScript Object Notation, continues to gain momentum in our
increasingly connected world. Reading this primer will give you a baseline
understanding so you can start having intelligent conversations about the pros
and cons of using JSON with your team.
1 min
CISOs
Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"
Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live
Oct. 30th webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and
Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this
week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity
Awareness month webcast where we were joined by a panel of experts:
Brian Betterton - Director, Security, Risk and Compliance at Reit Management &
Research
Trey Ford - Global Security
3 min
IT Ops
Logging Activity in a Smart Home
The Smart Home concept is a subset of the Internet of Things (IoT). The core idea
is to connect “things” (digital devices) to each other to facilitate
communication, feedback, and alerting; in essence, it connects the physical
world with the digital world. We are installing new sensors and actuators into
everyday devices, which is leading to new IoT and Smart Home services built by
integrating existing solutions and technologies.
The IoT network is growing at an unbelievable pace.
From just 2 billion obje
3 min
Vulnerability Disclosure
R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access
Introduction
GNU Wget is a command-line utility designed to download files via HTTP, HTTPS,
and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack
(CVE-2014-4877) when running in recursive mode with an FTP target. This
vulnerability allows an attacker operating a malicious FTP server to create
arbitrary files, directories, and symlinks on the user's filesystem. The symlink
attack allows file contents to be overwritten, including binary files, and
access to the entire filesystem wit
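The failure mode is that a recursive FTP mirror trusts the server's listing: a `lrwxrwxrwx ... home -> /` entry becomes a local symlink, and files the server later lists under `home/` are written through it. The script below is an added example (not Wget's code and not the 1.16 fix) showing the two properties a mirroring client needs: listing entries of type `l` are never turned into local symlinks (they are fetched as ordinary files, matching the `retr-symlinks` default Wget 1.16 adopted, or skipped), and every write is checked so that it cannot resolve outside the mirror root or pass through an existing symlink. The LIST lines, the second-pass paths and the fetch callback are constructed for the example.

```python
"""Mirror an FTP listing without the symlink-escape failure mode.

Added example; not Wget's code. LIST lines and fetched contents are constructed.
"""
import os
import re
import tempfile

# Unix-style LIST line: perms links owner group size month day time-or-year name [-> target]
LIST_RE = re.compile(
    r"^(?P<type>[-dl])[rwxsStT-]{9}\s+\d+\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
    r"[A-Za-z]{3}\s+\d{1,2}\s+[\d:]+\s+(?P<name>.+?)(?:\s->\s(?P<target>.+))?$"
)

# Pass one: what a malicious server lists at the top level.
SAMPLE_LISTING = """\
drwxr-xr-x    2 ftp      ftp          4096 Oct 27 12:00 docs
-rw-r--r--    1 ftp      ftp             6 Oct 27 12:00 README
lrwxrwxrwx    1 ftp      ftp             1 Oct 27 12:01 home -> /
-rw-r--r--    1 ftp      ftp            20 Oct 27 12:02 ../../etc/cron.d/evil
"""
# Pass two: names are the relative paths a recursive mirror would build (constructed).
SECOND_LISTING = """\
-rw-r--r--    1 ftp      ftp             6 Oct 27 12:00 README
-rw-r--r--    1 ftp      ftp            23 Oct 27 12:03 home/tmp/pwned
-rw-r--r--    1 ftp      ftp            20 Oct 27 12:02 ../../etc/cron.d/evil
"""
FAKE_FILES = {"README": b"hello\n", "home": b"",
              "home/tmp/pwned": b"* * * * * root /bin/sh\n",
              "../../etc/cron.d/evil": b"* * * * * root /bin/sh\n"}


def parse_list(text):
    return [m.groupdict() for m in (LIST_RE.match(l) for l in text.splitlines()) if m]


def safe_local_path(root, remote_name):
    """Resolve remote_name under root; reject traversal and any symlinked path component."""
    root_real = os.path.realpath(root)
    lexical = os.path.normpath(os.path.join(root_real, remote_name))
    resolved = os.path.realpath(lexical)
    if resolved != root_real and not resolved.startswith(root_real + os.sep):
        raise ValueError(f"refusing path outside mirror root: {remote_name!r}")
    if lexical != resolved:                      # a symlink was traversed somewhere in the chain
        raise ValueError(f"refusing to write through a symlink: {remote_name!r}")
    return resolved


def mirror(entries, root, fetch, retr_symlinks=True):
    """Write listing entries under root; fetch(name) -> bytes. Returns (written, skipped).
    Symlink entries are fetched as regular files (retr_symlinks=True) or skipped; a local
    symlink is never created from a listing."""
    written, skipped = [], []
    for e in entries:
        name, kind = e["name"], e["type"]
        try:
            local = safe_local_path(root, name)
        except ValueError as why:
            skipped.append((name, str(why)))
            continue
        if kind == "d":
            os.makedirs(local, exist_ok=True)
        elif kind == "-" or (kind == "l" and retr_symlinks):
            os.makedirs(os.path.dirname(local), exist_ok=True)
            flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
            with os.fdopen(os.open(local, flags, 0o644), "wb") as fh:   # O_NOFOLLOW: racing symlink loses
                fh.write(fetch(name))
            written.append(name)
        else:
            skipped.append((name, "symlink not retrieved"))
    return written, skipped


def run_demo():
    root = tempfile.mkdtemp(prefix="mirror-")
    outside = tempfile.mkdtemp(prefix="outside-")         # stands in for "/" as the symlink target
    pass1 = mirror(parse_list(SAMPLE_LISTING), root, FAKE_FILES.__getitem__, retr_symlinks=False)
    # Plant the local symlink a pre-1.16 client would have created from the "home -> /" entry.
    os.symlink(outside, os.path.join(root, "home"))
    pass2 = mirror(parse_list(SECOND_LISTING), root, FAKE_FILES.__getitem__)
    return {"pass1": pass1, "pass2": pass2, "escaped": bool(os.listdir(outside))}


if __name__ == "__main__":
    print(run_demo())
```

`realpath` comparison catches the planted symlink only because the lexical path and the resolved path disagree; checking containment alone would still accept a symlink that points back inside the root and then rewrites a file the client already downloaded.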