2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
[https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/]
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
[https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
2 min
InsightVM
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry
[https://www.rapid7.com/security-response/wanna-decryptor/] vulns all in one
dashboard in Splunk? We've got you covered.
Before you start, make sure you have these two apps installed in your Splunk
App:
* Rapid7 Nexpose Technology Add-On for Splunk
[https://splunkbase.splunk.com/app/3457/]
* Rapid7 Nexpose for Splunk [https://splunkbase.splunk.com/app/3492/]
Steps
1. Follow the directions in this blog post
[https://www.rapid7.com/blog/post/2017/05/17/sc
3 min
Nexpose
InsightVM/Nexpose Patch Tuesday Reporting
Many of our customers wish to report specifically on Microsoft patch-related
vulnerabilities
[https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]. This
often includes specific vulnerabilities that are patched in Patch Tuesday
updates. This post will show you the various ways that you can create reports
for each of these.
Remediation Projects
Remediation Projects are a feature included in InsightVM
[https://www.rapid7.com/products/insightvm/] that allow you to get a live view
2 min
Nexpose
Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose
Just when you'd finished wiping away your WannaCry
[/2017/05/12/wanna-decryptor-wncry-ransomware-explained] tears, the interwebs
dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494
[https://www.rapid7.com/db/vulnerabilities/samba-cve-2017-7494] (no snazzy name
as of the publishing of this blog, but hopefully something with a Lion King
reference will be created soon).
As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's
overview of the Samba vulnerabil
4 min
Container Security
Modern Network Coverage and Container Security in InsightVM
For a long time, the concept of “infrastructure” remained relatively unchanged:
Firewalls, routers, servers, desktops, and so on make up the majority of your
network. Yet over the last few years, the tides have begun to shift.
Virtualization is now ubiquitous, giving employees tremendous leeway in their
ability to spin up and take down new machines at will. Large chunks of critical
processes and applications run in cloud services like Amazon Web Services (AWS)
and Microsoft Azure. Containers hav
4 min
InsightVM
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone
control. It can be difficult to know how to make meaningful progress in your
vulnerability management program
[https://www.rapid7.com/solutions/vulnerability-management/] when simply
maintaining visibility can be a struggle. One way to get some leverage is to
make wise use of asset discovery. If you are able to tap into repositories or
sources of assets, you stand a better chance of gaining and maintaining
visibility.
Ove
5 min
Microsoft
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are
increasingly asked to do more with less. They simply cannot remediate
everything; it has never been more important to prioritize and drive
remediations from start to finish.
The Remediation Workflow capability in InsightVM
[https://www.rapid7.com/products/insightvm/] was designed to drive more
effective remediation efforts by allowing users to project-manage efforts both
large and small. Remediation Workflow is designed
3 min
InsightVM
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity
inherent in security analytics. This reality was introduced first to our
InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the
capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user
behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/]
and endpoint detection
[https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we
started