Posts tagged Release Notes

2 min InsightCloudSec

What's New in DivvyCloud by Rapid7: April 2021

This month, we’d like to focus on one key area of change included in this release: the scheduler.

3 min InsightCloudSec

DivvyCloud by Rapid7: Feature Release 20.7

This well-rounded release includes a new Microsoft Azure Security Pack, expanded support for Azure resources, added AWS support, and several enhancements applicable to all clouds.

2 min Application Security

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps []. These include: * Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements * PDF report generation * The Rapid7 AppSec Toolkit * Macro Recorder * Traffic Viewer * RegEx Builder * Swagger/Rest API Utilit

3 min Release Notes

Weekly Metasploit Wrapup

Scanning for the Fortinet backdoor with Metasploit Written by wvu Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24 rhosts => 417.216.55.0/24 msf auxiliary(fortinet_backdoor) > set threads 100 threads => 100 msf auxiliary(fortinet_backdoor) > run [*]

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6.  This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel The most visible change in Nexpose 5.6 is the new look and feel of the user interface.  The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas

4 min Release Notes

Significantly Enhanced, yet Simplified Reporting

The new year is just around the corner and the Internet has been available to users for almost two decades now. We have had user experiences that have pushed the boundaries with software, touchscreen devices and mobile applications. We are now witnessing radical changes in user expectations. We at Rapid7 are constantly striving to understand these expectations and live up to them. At Rapid7, our mission is to solve complex security challenges with simple, innovative solutions that offer speed w

3 min Release Notes

Security Configuration assessment capabilities that meet your needs with Nexpose 5.4

A new great looking feature in our configuration assessment component has been added in Nexpose 5.4: the ability to customize policies to meet your unique contextual needs, i.e. are specific to your environment. You are now going to be able to copy a built-in policy, edit its configuration including the policy checks values to test your assets for compliance. This flexibility allows for custom, accurate and relevant configuration assessment. Configuration assessment is important to assess the r

2 min Release Notes

Getting the Most from Customizable CSV Exports - Part 6

Hi, my name is Eden Martinez, and I'm a Federal Sales Engineer with Rapid7. Larger environments often list scalability as one of their top problems; specifically, too much data. With current tools, it's not hard to generate large data sets. Most tools are comprehensive with a focus on the largest list of results wins. While you can turn all the knobs on Nexpose up to 11, I've found many enterprise environments prefer to focus on prioritization of vulnerabilities and trending of the results. M

3 min Release Notes

SOC Monkey - Week in Review - 4.6.2012

Welcome back to my weekly wrap up of trending stories displayed on my SOC Monkey App, which as I've mentioned, is free in the Apple App Store. Go! Download! This week, one of the top stories was the Flashback Trojan and the unpatched Java Vulnerability in Mac OS X. The top tweet comes to us from Ars Technica: Flashback trojan reportedly controls half a million Macs and counting []

4 min Release Notes

Configuration assessment and policy management in Nexpose 5.2

We love our policy Dashboards. They are new, hot, intuitive, robust and really useful. In our latest release of Nexpose, version 5.2, we've made two major enhancements to our configuration assessment capabilities: * A policy overview dashboard: To understand the current status of compliance of configurations delivering a summary of the policy itself.A policy rule dashboard: To provide further details for a particular rule and the current compliance status for that rule. What makes th

1 min Release Notes

SOC Monkey - FREE and in the App Store now!

The name's Monkey.  SOC Monkey. I'm here to provide you with a new free app for the iPhone/iPad/iPod Touch that will search through infosec topics that are trending on the social web.  I'll also rank them based on what the biggest news items and hottest topics are, so you can make sure to get your banana's worth. Now, I'm not going to just barrage you with links.  I'm going to use my incredibly advanced simian brain to curate these news items, so you can focus more on what you need to get don

2 min Metasploit

Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules!

Since our last release in October, we've added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads -- that clocks in at just about 1.5 new modules per day since version 4.1. Clearly, this kind of volume is way too much to detail in a single update blog post. IPv6 Coverage Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit's existing arsenal of p

3 min Release Notes

Nexpose Reaches OWASP Top10 Coverage

Rapid7 is proud to announce that Nexpose's 5.1 web application scanning capabilities can now detect all types of vulnerabilities in OWASP's Top10 []! We've completed this task with the addition of two new vulnerability checks, A5: Cross-Site Request Forgery (CSRF) [] and A8: Failure to Restrict URL Access [] . The next paragraphs will describe

2 min Release Notes

Metasploit Framework Updated: FastLib and More

Metasploit development moves fast. Blindingly fast, fueled by tons of open source contributors -- which is one of the reasons why we moved away from our tried and true SVN repository and on to GitHub. Now that we're on a more modern, more social development platform, we have all new ways to get overwhelmed with the pace of change on the Framework, especially since contributor code is that much easier to integrate now. So, in order to ensure that the more notable week-over-week changes get their

3 min Release Notes

Exploit for critical Java vulnerability added to Metasploit

@_sinn3r [] and Juan Vasquez [!/_juan_vazquez_] recently released a module which exploits the Java vulnerability detailed here [] by mihi and by Brian Krebs here []. This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri