Posts tagged Nexpose

4 min Vulnerability Management

Vulnerability Management Tips for the Shadow Brokers Leaked Exploits

Rebekah Brown [/author/rebekah-brown] and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post [/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. It's probably not the only post you've read on this topic, but it is cogent, well-constructed and worth the 5 minutes. Back with me? With all of the media attention and discussion in the infosec community, it would

5 min Metasploit

The Shadow Brokers Leaked Exploits Explained

The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release [https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/] and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked question

3 min InsightVM

InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)

In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/] and endpoint detection [https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we started

4 min Nexpose

New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster

Background Information As part of the Nexpose [https://rapid7.com/products/nexpose/] 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report [https://www.rapid7.com/resources/nexpose-top-remediation-report-vid/]. Over the years, we've heard from our customers that the Top Remediations Report is one of the most useful features in our vulnerability management solution [https://www.rapid7.com/

1 min Application Security

Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose

On March 9th, 2017 we highlighted the availability of a vulnerability check in Nexpose for CVE-2017-5638 [https://rapid7.com/db/modules/exploit/multi/http/struts2_content_type_ognl] – see the full blog post describing the Apache Struts vulnerability here [/2017/03/09/apache-jakarta-vulnerability-attacks-in-the-wild]. This check would be performed against the root URI of any HTTP/S endpoints discovered during a scan. On March 10th, 2017 we added an additional check that would work in conjunctio

2 min Metasploit

Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched

AppSpider [https://rapid7.com/products/appspider/] scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them?  In some cases it could take several days to weeks before a fix/patch to resolve the vulnerability can be deployed, and during this time someone could be actively exploiting this issue in your application.  AppSpider Defend, which is now integrated into AppSpide

7 min Metasploit

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about these issues, please don't hesitate to contact your customer success manager (CSM), our support team, or leave a comment below. For

1 min Nexpose

CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin

On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's WebEx browser plugin extension that could allow attackers to perform a remote code execution (RCE) exploit on any Windows host running the plugin. An initial fix was pushed out by Cisco that warned a user if they were launching a meeting from a domain other than *.webex.com or *.webex.com.cn, however, the fix was questioned by April King from Mozilla [https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c

2 min Nexpose

Scan Configuration Improvements in Nexpose

A common request we hear from customers is for the ability to schedule scans on individual assets, or on subsets of assets. Currently, you can start a manual scan and choose specific IPs, engine and template, but you need to have permissions to create sites in order to schedule such a scan. Good news! In version 6.4.18 version of Nexpose, released Jan 25th 2017, we've addressed this! Now individual site owners can create schedules and choose specific IP's, ranges or asset groups to kick off a

2 min Nexpose

Maximizing PCI Compliance with Nexpose and Coalfire

In 2007 Coalfire selected Rapid 7 Nexpose as the engine around which to build their PCI Approved Scan Vendor offering.  PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly proscriptive Data Security Standard.  Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamlined and easy to use as possible, but robust enough to significantly improve the customer's security.

2 min Nexpose

Patch Tuesday, January 2017

Update: See below for an update for the upcoming February Patch Tuesday. Microsoft starts off the year with 4 bulletins [https://technet.microsoft.com/library/security/ms17-jan] and continues a long running trend with their products where the majority of bulletins (2) are remote code execution (RCE) followed by an even distribution of elevation of privilege and denial of service. Missing from this month's list of affected products is Internet Explorer, which typically complements the Edge bull

4 min Nexpose

macOS Agent in Nexpose Now

As we look back on a super 2016, it would be easy to rest on one's laurels and wax poetic on the halcyon days of the past year. But at Rapid7 the winter holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now available within Nexpose Now. Live Monitoring for macOS Earlier this year, we introduced Live Monitoring for Endpoints [/2016/09/28/live-monitoring-for-endpoints] with the release of a Windows agent for use with Nexpose Now. The feedback from the Community has been

2 min Nexpose

Giving the Gift of Time: Nexpose Adaptive Security Improvements

'Tis the holiday season and the Nexpose [https://www.rapid7.com/products/nexpose/] team is in the giving spirit! At the Rapid7 workshop, we've been busy little helpers building toys for deserving security teams throughout the year. Here are just some of the goodies you can take advantage of NOW: * Remediation Workflows [/2016/09/28/vulnerability-remediation-with-nexpose] - create and assign remediation projects to get to fix faster * Liveboards [/2016/08/16/nexpose-now-notes-august-2016] -

3 min Nexpose

Vulnerability Categories and Severity Levels: "Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management tools [https://www.rapid7.com/products/nexpose/?CS=blog] is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you, it's not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability checks. How “True” Vulnerability Checks Work A

2 min Nexpose

Patch Tuesday, December 2016

December [https://technet.microsoft.com/en-us/library/security/ms16-dec.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (6) are dominated by remote code execution (RCE) followed by an even distribution of elevation of privilege (3) and information disclosure (3). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Offic