AWS
Nexpose Scan Engine on the AWS Marketplace
Update September 2017: For even more enhanced capabilities, check out the AWS
Web Asset Sync Discovery Connection
[/2017/09/14/aws-power-up-tag-import-asset-cleanup-assume-role-ad-hoc-scan/].
Rapid7 is excited to announce that you can now find a Nexpose Scan Engine AMI on
the Amazon Web Services Marketplace making it simple to deploy a pre-authorized
Nexpose Scan Engine from the AWS Marketplace to scan your AWS assets!
What is an AMI?
An Amazon Machine Image (AMI) allows you to launch a virt
Nexpose
Nation's 'Hacker-in-Chief' Demonstrates Old Dog's Value
In today's security ecosystem, there are several technologies/programs that are
considered to be the old dogs. They've been around the block a few times, have
a few gray hairs, and just aren't as sexy anymore. Most companies have had
these technologies for years now, and they typically don't get the headlines
that some of the newer, hotter technologies are getting. Antivirus, Email
Security, Firewalls, and Vulnerability Management are a few of these. It's hard
to compete with big-data-machin
Nexpose
Update Tuesday, February 2016
February continues this quarter's trend with the majority of bulletins (7)
addressing remote code execution (RCE) vulnerabilities; the remaining 6 evenly
address denial of service (DOS) and elevation of privilege. All of the critical
bulletins (MS16-009, MS16-011, MS16-012, MS16-013, MS16-015, MS16-022) are
remote code execution issues affecting a variety of products and platforms
including Edge, Internet Explorer, Office, Office for Mac, Office Web Apps,
SharePoint and releases of Microsoft Windo
Windows
Nexpose Remote Registry Activation for Windows
The Windows Registry is a database which stores all settings for a Windows
system, e.g. hardware, software installed, Windows updates installed and
preferences for users and their applications. During normal day-to-day use a
standard user will inadvertently push changes into this database when they
update the system, add or remove applications, and so on.
Remote Registry is a Windows service which allows a non-local user to read or
make changes to the registry on your Windows system when they are
Nexpose
Update Tuesday, January 2016
The year's first release contains 9 bulletins: 7 remote code execution (RCE),
an elevation of privilege, and a spoofing vulnerability. The critical bulletins
(MS15-001, MS15-002, MS15-003, MS15-004, MS15-005, MS15-006) are comprised of
remote code execution vulnerabilities affecting a variety of products and
platforms including Edge, Internet Explorer (7 and onwards), Excel Viewer,
Office, SharePoint Server, Silverlight, Word Viewer, VBScripting engine and all
supported releases of Microsoft Window
Nexpose
Nexpose Two Factor Authentication
For organizations that want additional security upon login, Nexpose and the
Rapid7 Nexpose-Client Ruby Gem will support Two Factor Authentication as of the
January 6, 2016 release. Two Factor Authentication requires the use of a
time-based one-time password application such as Google Authenticator.
Two Factor Authentication can only be enabled by a Global Administrator on the
Security Console.
To enable Two Factor Authentication:
1. As a Global Administrator, go to the Administration tab.
2.
Nexpose
Have JBoss, Jenkins, WebLogic, WebSphere based applications? Brace yourself, they've got an unwanted Christmas present for you!
Java based server applications are prevalent throughout most corporate
networks. Thousands, if not millions, of applications are deployed using JBoss,
Jenkins, WebLogic and WebSphere - so when a vulnerability affecting the
underlying technology pops up, the impact can be significant. A vulnerability
was recently discovered affecting any Java application which can receive data
back from users, allowing malicious actors to insert unsafe data as it attempts
to ingest the information. The applica
Nexpose
More TLS Improvements in Nexpose 6.1.2
After releasing TLS Coverage Improvements in Nexpose 6.0.2
[/2015/10/14/tls-coverage-improvements-in-nexpose-602] we figured that the
Nexpose Security Console should be able to abide by our own suggestions. Last
year we had already disabled SSLv3 support by default and allowed configuring
what other protocols are enabled on the console as well. With this week's
release we're limiting the TLS cipher suites available to the console's web
server by default. Similar to the protocols, the cipher suit
Nexpose
New Vulnerability Filtering in Adaptive Security
Nexpose has long provided the ability to filter vulnerabilities by a wide
variety of categories and operators. Starting in Nexpose 6.1, filtering in
new-vulnerability actions in Adaptive Security closely mirrors that of Nexpose.
New vulnerability actions were covered in a recent blog (How Adaptive Security
fits into your Vulnerability Management Program)
[/2015/11/20/how-adaptive-security-fits-into-your-vulnerability-management-program].
Similarity to Nexpose Filtering
The enhanced filters no
Nexpose
Configuring the SNMP request timeout
The SNMP protocol is very common, has many implementations and is deployed in
diverse networks. In some cases it responds very promptly, in others it is
relatively slow to respond. We found that in some environments a 1 second
request timeout was insufficient, so in Nexpose 6.1.1 we have changed the
default to 3 seconds in order to improve the service and related vulnerability
detection.
This, however, can have a major impact on scan times on port 161 and may not be
desirable on networks with l
Vulnerability Management
How Adaptive Security fits into your Vulnerability Management Program
Building an Application Vulnerability Management Program, found in the SANS
Institute Reading Room
(https://www.sans.org/reading-room/whitepapers/application/building-application-vulnerability-management-program-35297),
identifies vulnerability program management as a cyclical process involving the
following steps:
* Policy
* Discovery and Baseline
* Prioritization
* Shielding and Mitigation
* Eliminating the Root Cause
* Monitoring
While the use of Nexpose applies to several of these
Nexpose
Changes to OVAL in Nexpose 6.0.6
Rapid7 has made it a priority to support security industry standards, including
the Open Vulnerability and Assessment Language (OVAL). Those of you who use
Nexpose to measure policy compliance, either by using the built-in CIS, DISA,
and USGCB policies, or by writing your own custom policies, are using OVAL for
these policies.
A decision by the National Institute of Standards and Technology (NIST) has made
it necessary for us to make changes in our OVAL implementation. These changes
affect po
Nexpose
Update Tuesday, November 2015
November sees a mix of remote code execution and elevation of privilege
vulnerabilities enabling an attacker to gain the same rights as the user when
the victim opens specially crafted content, such as a webpage, journal file or
document containing embedded fonts. These vulnerabilities affect Internet
Explorer (7 and onwards), Edge, and Windows (Vista and onwards). It is
advisable for users and administrators to patch the affected platforms.
Microsoft includes 12 security bulletins, a third of
Nexpose
Increasing Risk Visibility
We at Rapid7 are committed to providing our customers with the best, most
accurate vulnerability detection and remediation information. To better serve
you, starting October 28th, 2015, Rapid7 will begin generating content for
Nexpose in a way that will provide greater visibility into risk. This change
will start with content generated for Adobe, Debian and Ubuntu and eventually
all supported platforms will transition to this approach. For the end user the
benefit is more accurate representation
Nexpose
UserInsight Integrates with Nexpose for Total User and Asset Security Visibility
Rapid7's Vulnerability Management and User Behavior Analytics solutions
[https://www.rapid7.com/products/userinsight/user-behavior-analytics-user-activity-monitoring.jsp],
Nexpose and UserInsight, now integrate to provide visibility and security
detection across assets and the users behind them. Combining the pair provides
massive time savings and simplifies incident investigations by highlighting risk
across your network ecosystem without writing queries or digging through logs.
Related Resou