Posts tagged Vulnerability Management

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

2 min Research

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.

9 min Vulnerability Management

Patch Tuesday - March 2021

Another Patch Tuesday (2021-Mar [https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and with this month comes a whopping 122 CVEs.  As usual Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild. Vulnerability Breakdown by S

3 min Cloud Security

How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments

The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and everything you’re working with.

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

4 min Vulnerability Management

Building a Holistic VRM Strategy That Includes the Web Application Layer

Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

4 min Vulnerability Management

Take the Full-Stack Approach to Securing Your Modern Attack Surface

Let’s take a more in-depth look at modern vulnerability risk management (VRM) and what to look for in a holistic solution.

4 min InsightVM

New InsightVM Dashboard Helps You Discover Significant Changes in Your Environment from the Past 30 Days

Organizations are in a constant struggle to identify and reduce risks in their constantly changing environments

4 min Vulnerability Disclosure

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function."

7 min Vulnerability Management

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family FamilyVulnerability CountWindows28ESU14Microsoft Office11Browser9Developer Tools 8Microsoft Dynamics2Exchange Server2Azure2System Center2Exploited and Publicly Disclosed Vulnerabilities One zero-day was announced: CVE-2021-1732 [https:

2 min News

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

Cisco has released security updates to address vulnerabilities in most of their product portfolio.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

2 min Vulnerability Management

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats.

1 min Vulnerability Management

Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?

Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize.

7 min Vulnerability Management

Patch Tuesday - January 2021

We arrive at the first Patch Tuesday of 2021 (2021-Jan [https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan]) with 83 vulnerabilities across our standard spread of products.  Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from less frequent products such as Microsoft System Center and Microsoft SQL Server. Vulnerability Breakdown by Software Family FamilyVulnera

4 min InsightVM

What’s New in InsightVM: Q4 2020 in Review

Here’s our roundup of the new and improved InsightVM features we’ve updated in Q4 2020.

4 min DevSecOps

Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity

Let’s take a look at some key insights on current industry efforts to more closely integrate DevOps and SecOps—and how you can plot your best path forward.

3 min InsightVM

Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution

Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals.

3 min InsightVM

How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM

In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process.

4 min Vulnerability Management

The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices

Based on the assessment of 24 service protocols, Rapid7’s NICER revealed key insights about the current state of the internet.

7 min News

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.

2 min InsightVM

InsightVM Now Integrates With Snyk for Deep Visibility Into Container Vulnerabilities

We're excited to announce that InsightVM now integrates with Synk for deep visibility into container vulnerabilities.

2 min InsightVM

New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility

When speaking with customers, we continue to hear that they are looking for more visibility into their vulnerability risk management activities.

6 min Vulnerability Management

Patch Tuesday - December 2020

We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months (high thirties), it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported vulnerabilities covered this month has been publicly exploited nor previously publicly disclosed and only 9 of the 58 vulnerabilities have been marked as Critical by Microsoft. In terms of actionables, stan

5 min Under the Hoodie

2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities

Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.

6 min InsightVM

How to Create an OS-Based Policy Scanning Workflow in InsightVM

In this blog, we provide a step-by-step walkthrough of how to create an OS-based policy scanning workflow in InsightVM.

3 min Vulnerability Management

Threat and Vulnerability Management Best Practices

In this blog post, we provide a high-level overview of vulnerability management and why it’s critical for modern businesses.

3 min Vulnerability Management

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to web applications and con

2 min InsightVM

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space.

3 min Vulnerability Management

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087] Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

7 min Vulnerability Management

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

We put together a list of some of the scariest vulnerabilities of the year and the remediation solutions that can help you stay on guard in the future.

2 min InsightVM

Rapid7 Announces Improvements to Goals and SLAs in InsightVM

We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.

14 min InsightVM

Scan Template Best Practices in InsightVM

This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.

9 min Vulnerability Disclosure

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.

1 min InsightVM

Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives

Let’s talk false positives. They’re frustrating and faulty to anyone in security. The good news? We’ve added even more ways to reduce the noise they cause.

3 min Vulnerability Management

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.

4 min Vulnerability Management

Patch Tuesday - October 2020

Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability CVE-2020-9746 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200012]. Despite this month's lower numbers, there are some precautions we should all take to remediate our environments quickly and effectively.

4 min InsightVM

How InsightVM Helps You Save Time and Prove Value

In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.

3 min Vulnerability Management

Why Every Organization Needs a Vulnerability Management Policy

In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.

2 min News

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.

5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.

3 min InsightVM

Decentralize Remediation Efforts to Gain More Efficiency with InsightVM

We’re excited to introduce you to two new InsightVM product updates to help you further reduce friction, save time, and gain greater efficiency.

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Management

Vulnerability Remediation vs. Mitigation: What’s the Difference?

In this blog, we dive into better understanding the difference between vulnerability mitigation vs. remediation.

4 min InsightVM

How to Track and Remediate Default Account Vulnerabilities in InsightVM

In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.

3 min Vulnerability Management

Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday) Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard procedures of scheduling the patching for Windows OSes up front immediately closes the door against 60%+ of the vulnerabilities being disclosed this

3 min InsightVM

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.

5 min InsightVM

Automated External Sonar Scanning Workflow with InsightVM

In this blog post, we discuss an external scanning strategy that you will want to implement with your InsightVM deployment.

4 min Vulnerability Management

Patch Tuesday - August 2020

120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug Patch Tuesday) August 2020 brings along patches for 120 vulnerabilities within the standard set of Microsoft products (Windows, Office, Browsers, and Developer Tools such as .NET Framework, ASP.NET, and Visual Studio).  Among the crowd are two vulnerabilities: CVE-2020-1464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464] , and CVE-2020-1380 [https://portal.msrc.microsoft.com/en-US/s

3 min InsightVM

What’s New in InsightVM: H1 2020 in Review

Throughout the first half of the year, we released updates and features to help security teams work more effectively and efficiently in InsightVM.

9 min Virtual Vegas

Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 2 Sessions

Our Rapid7 experts attended another day of incredible talks, and have plenty of key takeaways and insights to share about their Virtual Vegas sessions.

9 min Virtual Vegas

Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 1 Sessions

Even from home, it can be tough to catch what you want to see at Black Hat, so we had our experts do the work for you as part of our Virtual Vegas event.

3 min Vulnerability Management

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.

4 min Vulnerability Management

Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution

In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.

3 min Vulnerability Management

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.

5 min InsightVM

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.

3 min Vulnerability Management

Patch Tuesday - July 2020

100+ vulnerabilities patched during Patch Tuesdays the new norm Another 123 CVEs are covered this month from Microsoft for the 2020-Jul Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul] .  In addition to our usual suspects like Windows, Internet Explorer/Microsoft Edge, and Microsoft Office this Patch Tuesday addresses several developer-type tools such as .NET Framework, Visual Studio Code ESLint extension along with various Open Source Software

4 min Vulnerability Management

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know

On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.

4 min Vulnerability Management

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.

3 min Vulnerability Management

12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) laid out the 12 most exploited vulnerabilities since 2016.

3 min InsightVM

Gain a More Dynamic View: How to Connect Cloud Configuration Assessment in InsightVM to CloudTrail in AWS

Here, we will delve into how to enable Cloud Configuration Assessment to maintain a more dynamic view of an AWS account through integrating with CloudTrail.

3 min InsightVM

How to Use Custom Policy Builder to Customize Password Policies in InsightVM

In this post, we are going to focus on commonly used customizations for password policies by our customers.

3 min Customer Perspective

Customer Spotlight: How Amedisys CISO Proves Security’s Value to the Business

Richard Kaufmann, CISO of Amedisys, talks about the importance of measuring value in terms of business impact and successfully securing more budget.

3 min Security Nation

Advancements in Vulnerability Reporting in the Post-PGP Era: A Conversation with Art Manion

On this week’s episode of Security Nation, Art Manion of the CERT Coordination Center gets us up to speed on vulnerability analysis and management.

3 min Vulnerability Management

How to Approach Risk Management: Advice from Rapid7 Customers

Learn how these security professionals approach risk, and their best advice for others looking to better their approach to risk management.

4 min InsightVM

Introducing a New InsightVM Dashboard to Monitor External and Remote Workforce Assets in Your Environment

In order to help our customers better track their remote workforce and external assets, we are introducing a new customizable dashboard within InsightVM.

5 min Vulnerability Management

How Team Collaboration Can Help You Scale the Vulnerability Mountain

In this blog post, we’ll break down how to do this through team collaboration, key processes, and good security design.

3 min Vulnerability Management

Patch Tuesday - June 2020

June 2020's Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun] gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010] -- a high severity remote code execution vulnerability).  While the consistently high volume of vulnerabilities being addressed each month is alarming at times, there is a sense of peace in the steps Micros

3 min Security Nation

Developing Sustainable Vulnerability Management with Katie Moussouris

On this week’s episode of Security Nation, we’re delighted to be joined by Katie Moussouris, CEO and Founder of Luta Security.

5 min InsightVM

Custom Policy Builder Is Now Available in InsightVM

In today’s policy customization post, we focus on Center for Internet Security (CIS) policies.

3 min InsightVM

Finding Flexibility in Your Vulnerability Management Solution

In this post, we’re sharing the three key areas of flexibility within InsightVM, and how this can benefit your vulnerability management initiatives.

6 min InsightVM

Q&A from April 2020 Customer Webcast on InsightVM Dashboards & Executive Summary Report

In this blog post, we wanted to address a number of commonly asked questions regarding InsightVM Dashboards.

2 min InsightVM

Rapid7’s InsightVM Receives Five Stars from SC Magazine

We’re proud to announce that Rapid7’s InsightVM solution was recently reviewed by SC Magazine and received a five-star report.

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May] of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/] but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

4 min Vulnerability Management

Three Switching Costs to Consider When Evaluating a New Vulnerability Management Solution

If you’re looking to switch vulnerability management solutions, read on as we discuss three areas to consider and how to communicate them to leadership.

4 min Vulnerability Management

May 2020 Cisco Remote Vulnerabilities Guidance

Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.

4 min Vulnerability Management

How to Increase Your Security Team's Visibility Within Your Organization—And What Happens When You Do

In this post, we’ll discuss how you can increase visibility and communication across the organization to improve your team’s reputation and resources.

2 min InsightVM

Reduce Risk with CyberArk and Rapid7 Integrations

There are a number of out-of-the-box integrations between CyberArk and Rapid7 that can help organizations both reduce risk and ease the burden on operations teams.

5 min Research

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.

2 min InsightVM

Nmap Service Detection for Nexpose and InsightVM Scan Engines

As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to existing detection methods to improve the discovery of previously unsupported protocols and services.

2 min Vulnerability Management

Patch Tuesday - April 2020

Global working-from-home routines haven't slowed down Microsoft and its ability to help close up vulnerabilities in their products. This April Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr] (WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's not the highest we've seen, but it is still an impressive spread of fixes coming in this month with a fair number resolving SharePoint and Office vulnerabilities along with the

2 min Vulnerability Management

Answers to Three FAQs About the New-and-Improved Cloud Configuration Assessment Remediation Content in InsightVM

Security expert answers FAQs about the new-and-improved cloud configuration assessment remediation content in InsightVM

7 min Microsoft

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

6 min Vulnerability Management

4 Common Goals For Vulnerability Risk Management Programs

This post will give you a glimpse into the research to pinpoint under-served and unmet customer needs in the vulnerability risk management space.

17 min Vulnerability Disclosure

Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities

In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.

5 min Vulnerability Management

How to Measurably Reduce False Positive Vulnerabilities by Up To 22%

Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.

2 min Vulnerability Management

Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.

2 min Vulnerability Management

Active Exploitation of Unpatched Windows Font Parsing Vulnerability

Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).

4 min Security Nation

Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product

On this week’s Security Nation, we spoke with Alex Kreilein, CISO for RapidDeploy, a back-end SaaS service for 911 and emergency communication systems.

5 min Vulnerability Management

Redefining How to Measure the Success of Your Vulnerability Management Program

In this post, we’ll discuss which vulnerability risk management metrics matter and which ones don’t, and how to communicate them effectively.

4 min Vulnerability Management

How to Understand the TCO and ROI of Your Vulnerability Management Program

In this blog, we discuss the total cost of ownership (TCO) compared to the potential return on investment (ROI) of your Vulnerability Management program.

3 min Vulnerability Risk Management

CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis

Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.

2 min Vulnerability Management

Patch Tuesday - March 2020

Let's start off talking about CVE-2020-0688 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688] from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity [https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/] happening on unpatched Exchange

4 min InsightVM

How to Improve Vulnerability Patching Efficiency through Automation

In this blog, we discuss how automation can improve your security team's patching efficiency.

8 min InsightVM

ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB

This is part two of our series covering the recently released InsightVM Integration for ServiceNow CMDB application available on the ServiceNow Platform.

4 min InsightAppSec

InsightVM + InsightAppSec: A Love Story

Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.

4 min Cloud Security

How to Handle Misconfigurations in the Cloud

In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.

3 min Patch Tuesday

Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb] has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674] (originally ADV200001 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001]) announced back on January 17.  Fortunately, that is the only vulnerability reported this month th

2 min Vulnerability Management

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.

4 min AWS

How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud

In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.

3 min Vulnerability Management

How to Measure the ROI of Your Vulnerability Risk Management Solution

In this blog, we discuss the seven key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.

3 min Vulnerability Management

Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model

In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.

4 min InsightVM

Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams

If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.

4 min Research

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.

10 min Vulnerability Management

How to Get Started with the InsightVM Integration for ServiceNow CMDB

Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.

2 min Vulnerability Management

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know

In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.

3 min Vulnerability Management

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour [https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601] is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c

4 min InsightVM

How to Define and Communicate Vulnerability Risk Across Your Company

In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.

4 min InsightVM

Simplify Your Data Search with Query Builder in InsightVM

Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.

4 min InsightVM

7 Vulnerability Risk Management Resolutions To Consider in the New Year

In this blog, we discuss seven Vulnerability Risk Management resolutions that all security professionals should be making in 2020.

2 min Patch Tuesday

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec] (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a light month, there's still action to be taken. CVE-2019-1458 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis

4 min Vulnerability Management

How to Actually Reduce Risk in Your Environment

In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.

4 min InsightVM

InsightVM Delivers 342% ROI through Clarity, Influence, and Progress

No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.

3 min Public Policy

What Is Texas Senate Bill 820, and How Will It Affect Your School District?

In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.

5 min Managed Security Service Providers

How to Develop a Common Language for Security Buy-In Across Your Business

In this blog, we break-down what keeps organizations from advancing their security programs, and how businesses can establish security priorities.

3 min Patch Tuesday

Patch Tuesday - November 2019

November's Patch Tuesday is upon us and, this month, Microsoft addressed 74 vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429] ) has been seen under active exploitation. By prioritizing the released Microsoft Windows and Internet Explorer patches, the door to 58 of the 74 vulnerabilities will be closed off. Also, for the second month in a row, this Patch Tuesday sees an absent security upd

4 min InsightVM

The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.

4 min InsightVM

5 Steps to Go from Patch Management to Vulnerability Management

The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.

4 min InsightVM

InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You

In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.

2 min Patch Tuesday

Patch Tuesday - October 2019

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573] is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe [https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE

5 min Project Sonar

Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice

On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.

5 min Vulnerability Management

How DHS and MITRE Collaborate to Validate Vulns

In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.

3 min InsightVM

Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR

In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.

2 min Patch Tuesday

Patch Tuesday - September 2019

Today Microsoft released fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573] for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214] and CVE-2019-1215 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215] are both privilege

4 min Vulnerability Management

CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.

4 min InsightVM

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.

5 min Cloud Infrastructure

How to Set Up InsightVM in Your Google Cloud Environment

In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.

7 min Higher Education

Defining Cybersecurity Risk for Higher Education

Educational institutions and other organizations have similar cybersecurity risk profiles, but there are a few very specific areas that differ.

7 min Vulnerability Management

Summer Security Fundamentals Recap: What You Need to Know About Vulnerability Management

In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.

8 min AWS

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.

2 min Patch Tuesday

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d] : Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep [/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/] vulnerability (CVE-2019-0708 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708] ) that was patched last May. CVE-2019-11

2 min Vulnerability Management

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.

3 min Vulnerability Management

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

Rapid7 Labs has observed a significant uptick in malicious RDP activity since the release of CVE-2019-0708 (aka “BlueKeep”).

3 min InsightVM

Do You Have Containers in Your Environment? Using Container Discovery to Be Sure

In this post, we'll show you how you can use the container security features in InsightVM to find out whether you have containers you didn't know about.

2 min InsightVM

Ensuring Timely Remediation of Security Risks with Service-Level Agreements (SLAs) in InsightVM

Rapid7 makes it easy for you to set up and track service-level agreements (SLAs) in InsightVM.

2 min Research

[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests

Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.

9 min Vulnerability Management

So, You Think You Can Query?

In this blog, we are going to explore the basics of how to make queries in our cloud-based vulnerability management solution, InsightVM.

2 min Patch Tuesday

Patch Tuesday - July 2019

Patch Tuesday for July 2019 is on the heavier side as far as they go, with Microsoft fixing 77 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573] in total. Microsoft also published an advisory [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021] describing a cross-site scripting vulnerability in the on-premise edition of Outlook for web (previously known as Outlook Web App), but instead of

3 min InsightVM

New Container Security Assessment Features Added to InsightVM

We are excited to release two new features to improve the flexibility of our container assessment capabilities: our new Container Registry Sync App and Container Image Scanner for InsightVM.

2 min InsightVM

How Rapid7’s AWS Security Hub Integrations Increase Cloud Visibility and Automate Security Operations

As part of our ongoing commitment to support customers using Amazon Web Services (AWS), Rapid7 announces integrations with the AWS Security Hub for vulnerability management and SOAR solutions.

3 min InsightVM

Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM

Rapid7 is pleased to announce that we have released new Cloud Configuration Assessment capabilities in our InsightVM vulnerability management solution.

3 min InsightVM

Blocking User Access to Vulnerable Assets with CyberArk and InsightVM

With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.

3 min InsightVM

Attack Surface Monitoring with Project Sonar

Attack Surface Monitoring with Project Sonar can help you reduce and monitor your attack surface.

2 min Patch Tuesday

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573] , the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep [https://www.rapid7.com/db/?q=CVE-2019-0708] vulnerability patched in May, and none of them have been seen exploited in the wild. However, four elevation of privilege vulnerabilities had been previo

3 min Windows

Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know

CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.

3 min Vulnerability Management

Why Patch Management Is Crucial for Securing Your Organization

With the deluge of assets flooding corporate networks, organizations need to have a solid patch management strategy in place.

3 min Vulnerability Management

How SOAR Is Disrupting Traditional Vulnerability Management

In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.

3 min Patch Tuesday

Patch Tuesday - May 2019

Hot on the heels of several Apple security advisories [https://support.apple.com/en-us/HT201222] on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d] across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader [https://helpx.adobe.com/security/products/acrobat/apsb19-18.html] alone. A fix for a critical remote cod

9 min Medical

Medical Device Security, Part 3: Putting Safe Scanning into Practice

In this blog post, we put the theory we've built out in our medical device scanning series into practice.

7 min Medical

Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup

In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.

1 min Vulnerability Disclosure

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.

8 min Medical

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.

1 min Research

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.

2 min Patch Tuesday

Patch Tuesday - April 2019

Today's Microsoft updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d] resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0803] and CVE-2019-0859 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0

3 min InsightVM

Security Operations at Its Finest: Meet the InsightVM and ServiceNow Integration

Rapid7's integration between InsightVM and ServiceNow Security Operations can help your organization streamline their operations to remediate vulnerabilities faster.

1 min InsightVM

Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.

3 min Patch Tuesday

Patch Tuesday - March 2019

Today Microsoft released updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d] that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748] , a remote code execution (RCE) vulnerability in the Acces

3 min Vulnerability Disclosure

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.

7 min Vulnerability Management

Customer Perspective: How InsightVM Helps Organizations Solve Common Vulnerability Management Challenges

In this blog, Brett Droche of Amedisys explains how Rapid7's InsightVM can mitigate or completely solve common vulnerability management challenges.

3 min InsightVM

Implementing Credential Hygiene with CyberArk and InsightVM

Effectively assess your assets with a scan engine while keeping your credentials safe with the integration between CyberArk and InsightVM and Nexpose.

2 min Research

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.

3 min Vulnerability Management

Why Most Vulnerability Management Programs Fail and What You Can Do About It

In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.

4 min Vulnerability Management

Checkmate! How to Win at Vulnerability Management Using the Game of Chess

Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.

3 min Vulnerability Management

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.

2 min Patch Tuesday

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573] being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]), .NET Framework, SharePoint, Exchange, and another slew of JET Database Engi

4 min Customer Perspective

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.

8 min Vulnerability Management

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.

4 min InsightVM

Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure

Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.

3 min Research

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.

2 min Vulnerability Management

What WannaCry Taught Me About the Benefits of Agents in VM Programs

In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.

3 min Vulnerability Management

How AWS and InsightVM Can Help You Securely Move to the Cloud

No one can deny that cloud adoption is increasing at a fast rate. Though moving to the cloud offers many advantages—such as speed of development, cost savings, and reduced overhead—one of the implications of adoption is that customers must change the way they approach security to adapt to hybrid and fully cloud infrastructure [https://www.rapid7.com/info/secure-your-modern-it-environment]. As this happens, security practitioners have to consider how to use their current on-premises tools in bot

3 min Vulnerability Management

Rapid7 Industry Cyber-Exposure Report Highlights the Need for Vulnerability Management

In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise.

2 min InsightVM

Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities

InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.

2 min Patch Tuesday

Patch Tuesday - January 2019

Microsoft's first updates of the year [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573] address 49 separate vulnerabilities, which is on the low side relatively speaking. We're also getting rare respite from Flash vulnerabilities (although Adobe published [https://helpx.adobe.com/security/products/flash-player/apsb19-01.html] a "security bulletin" for Flash today, the new version does not actually contain any security fixes). It's

5 min InsightVM

Head in the Clouds: Data Warehousing in the Google Cloud

This blog discusses how to leverage InsightVM's Data Warehousing functionality to export scan data to a managed Cloud SQL instance in the Google Cloud Platform.

3 min InsightVM

Did You Remediate That? How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations

Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.

3 min AWS

Rapid7 Partners with AWS Security Hub for Deeper Vulnerability Reporting

Last month, we were thrilled to announce our integration with AWS Security Hub at AWS re:Invent.

2 min Patch Tuesday

Patch Tuesday - December 2018

It's the last Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c54acc6-2ed2-e811-a980-000d3a33a34d] of 2018! As is often the case in December, it's a relatively light one with "only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched vulnerabilities.) This is in addition to the two Adobe Flash CVEs [http://helpx.adobe.com/security/products/flash-player/apsb18-42.html] that were patched out-of-band last week, due to a remote code ex

5 min InsightVM

Did You Remediate That? New InsightVM Executive Report Provides Key Details on Team Progress

We have developed the InsightVM Executive Report so that companies can easily report on month-over-month trends in their vulnerability management programs.

2 min Patch Tuesday

Patch Tuesday - November 2018

Microsoft's patches this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ff746aa5-06a0-e811-a978-000d3a33c573] address over 60 vulnerabilities. Just like last month [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453] , another zero-day privilege escalation vulnerability in Win32k has been patched. CVE-2018-8589 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8589] has been seen exploited in the wild,

2 min Awards

Rapid7 Wins Frost & Sullivan 2018 Global Vulnerability Management Market Leadership Award

We’re thrilled to announce that Rapid7 InsightVM was selected as the market leader in vulnerability management by Frost & Sullivan.

2 min Whiteboard Wednesday

Whiteboard Wednesday: Common Vulnerabilities as Personified by Halloween Costumes

As a security professional, you don’t need a haunted house to feel spooked this Halloween—just start exploring your environment in search of vulnerabilities.

4 min Vulnerability Management

How to Use InsightVM’s Goals & SLAs Feature to Define Important Metrics and Optimize Your Security Operations

Rapid7 InsightVM’s new Goals & SLAs feature helps security teams define relevant and meaningful metrics so they’re able to set goals against them, track individual and team progress, and receive alerts when goals are achieved or missed.

3 min Incident Detection

Rapid7 Leads All 'Strong Performers' in 2018 Forrester Wave for Emerging MSSPs

We’re proud to be recognized in the Forrester Wave as the leader in the “Strong Performer” category and to score second highest overall current offering for our Managed Security Services.

5 min InsightVM

Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk

Here is a first-hand look at how we quantify the Real Risk Score and how this helps practitioners address the top vulnerabilities in their ecosystems.

3 min Vulnerability Management

Take a Bite out of the Vulnerability Remediation Backlog with InsightVM

Security teams dealing with expanding networks and increasingly sophisticated attacks can use InsightVM to help stay on top of their vulnerability backlog.

2 min Patch Tuesday

Patch Tuesday - October 2018

This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.

4 min InsightVM

Automate to Accelerate: Introducing Security Orchestration and Automation on the Rapid7 Insight Platform

Rapid7 is proud to officially announce orchestration and automation on our Insight platform, with automation taking shape in a number of existing products and our new SOAR offering, Rapid7 InsightConnect.

4 min Penetration Testing

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.

3 min Patch Tuesday

Patch Tuesday - September 2018

More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).

3 min InsightAppSec

Scan Management with InsightAppSec: There’s More to Application Security than Long Lists of Vulnerabilities

Knowing what you are scanning, how often, and with how much success is vital to knowing your vulnerability data is accurate, up-to-date, and reflects your security position. InsightAppSec can help.

2 min Patch Tuesday

Patch Tuesday - August 2018

Microsoft's updates this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573] address over 60 vulnerabilities, 20 of which are classified as Critical. As usual, most of this month's fixes are browser-related, and nearly half of the flaws could lead to remote code execution (RCE). Patches for Exchange, SQL Server, and Microsoft Office were also released. Two of this month's vulnerabilities have already been seen exploited in th

7 min API

Your Guide to InsightVM’s RESTful API

A Security Automation-Focused API for Forward-Thinking Vulnerability Management Released in January of 2018, Rapid7 InsightVM [https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API [/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps somewhat inconspicuous, addition to our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a successor to previous API versions, the RESTful API was designed for

3 min Azure

Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform

Today, we announced [https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/] continued, more comprehensive development of the integration between the Rapid7 Insight platform [https://www.rapid7.com/products/insight-platform/] and Microsoft Azure. A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment enables InsightVM customers to maintain consta

2 min Patch Tuesday

Patch Tuesday - July 2018

This month's security updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573] from Microsoft address 50 separate vulnerabilities, including two fixes [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017] for Adobe Flash Player (APSB18-24 [https://helpx.adobe.com/security/products/flash-player/apsb18-24.html]). There are no 0-days this month, although three vulnerabilities had been publicly disclosed pri

4 min Customer Perspective

Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management

Bow Valley College uses InsightVM dashboards to identify quick wins, measure success, and communicate to senior leadership. James Cairns, database administrator at Bow Valley College, gave us a look into their vulnerability management journey with Rapid7. It’s my job to assess vulnerabilities, facilitate patching, and work with the rest of my infrastructure team to optimize our resources in order to stay on top of security issues. As the database administrator for Bow Valley College in Calgary,

2 min Patch Tuesday

Patch Tuesday - June 2018

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573] is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by Microsoft. However, a bit of excitement came earlier this month, with an out-of-band patch for Adobe Flash Player released last Thursday [https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix four security issues. Two of these were flaws that can lead

4 min Project Sonar

VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices

(Many thanks to Rebekah Brown [/author/rebekah-brown/] & Derek Abdine for their contributions to the post.) How does VPNFilter work? Over the past few weeks, Cisco’s Talos [https://www.cisco.com/c/en/us/products/security/talos.html] group has published some significant new research [https://blog.talosintelligence.com/2018/06/vpnfilter-update.html] on a new malware family called VPNFilter. VPNFilter targets and compromises networking devices to monitor the traffic that goes through them. The mal

4 min InsightVM

How to Streamline Your Vulnerability Remediation Workflows with InsightVM Projects

If you’re like many security practitioners, you spend a lot of time working with spreadsheets. Whether you’re trying to prioritize your findings or distribute work to remediation teams, an all-too-common workflow is to export this data into a spreadsheet to then be sorted, filtered, copied, and distributed. This tedious, manual effort seems to be the standard for vulnerability management programs [https://www.rapid7.com/solutions/vulnerability-management/] everywhere, but with our vulnerabil

2 min Patch Tuesday

Patch Tuesday - May 2018

Microsoft has released patches [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/a82328f9-1f26-e811-a968-000d3a33a34d] that resolve over 60 separate vulnerabilities including an update [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180008] for Flash Player that addresses a critical Remote Code Execution (RCE) vulnerability (CVE-2018-4944 [https://helpx.adobe.com/security/products/flash-player/apsb18-16.html]). As usual, the majority of fixes a

4 min Vulnerability Management

3 Steps to Clear the Fog: Improving Vulnerability Remediation Visibility with InsightVM

The moment you send a vulnerability report to your IT team, you want assurance that it’s being worked on—especially if there are critical vulnerabilities. You also want to be sure issues are prioritized in the right way so that deadlines are met. Often, however, this is not the reality. With different processes and tools in place, it’s difficult to align security and IT teams for effective vulnerability remediation [https://www.rapid7.com/products/insightvm/use-cases/work-better-with-it-and-devo

4 min Vulnerability Management

CVE 100K: A Big, Round Number

There have been 100,000 CVEs published. That's a big, round number.

6 min Vulnerability Management

CVE 100K: By The Numbers

There have been 100,000 CVEs published. Here are some stats on the program so far.

5 min Vulnerability Management

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook [/author/brent-cook/], William Vu [/author/william-vu/] and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28 ) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory was released with a patch and CVE (CVE-2018-7600) [https://www.rapid7.com/

2 min InsightVM

Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine

SC Media has announced the 2018 SC Awards and (drumroll, please…) InsightVM [https://www.rapid7.com/products/insightvm/] is proud to take top honors as Best Vulnerability Management Solution in the Trust Awards category. Our team works tirelessly day in and day out to bring SecOps best practices [https://www.rapid7.com/solutions/secops/] to our customers, help our customers secure their modern networks, and work across teams to solve their trickiest problems. It means the world to us when th

5 min Vulnerability Management

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and you find out that not everything was fixed and issues have progressed. For companies with distributed offices, it can be tricky to communicate issues to teammates you have limited facetime with, get things done quickly w

3 min Patch Tuesday

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d] , including 6 in Adobe Flash [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] ( APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once ag

3 min InsightVM

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated, IEEE [http://ieeexplore.ieee.org/document/5733835/] defines abend as the “Termination of a process prior to completion.” The mere utterance of the portmanteau [https://en.wikipedia.org/wiki/Portmanteau] abend meant we had a crisis on our hands.

3 min Vulnerability Management

Cisco Smart Install (SMI) Remote Code Execution: What You Need To Know

What’s Up? Researchers from Embedi discovered [https://embedi.com/blog/cisco-smart-install-remote-code-execution/] (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication. Cisco Smart Install (SMI) is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. The feature

3 min Vulnerability Management

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM [https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of years of hard work from our product team, but also because we believe that it represents the thousands of days and nights spent working with customers to understand the challen

2 min Patch Tuesday

Patch Tuesday - March 2018

There are a lot of fixes this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d] : Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities [https://helpx.adobe.com/security/products/flash-player/apsb18-05.html]. In fact all of this month's critical vulnerabilities are browser-related. This is not surprising considering web brows

4 min Research

An Impressively Unprecedented Drop in Open memcached Services

(Many thanks to Jon Hart [https://twitter.com/jhartftw] and Tom Sellers [https://twitter.com/TomSellers] for their research and content for this blog post.) We started performing weekly monitoring of open/amplification-vulnerable memcached servers after the recent memcrashed [/2018/02/27/the-flip-side-of-memcrashed/] amplification distributed denial-of-service (DDoS) attack and today we have some truly awesome news to report, along with some evidence that the recent spate of DDoS attacks may n

4 min CIS Controls

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. If you’ve ever driven on a major metropolitan highway system, you’ve seen it: The flow of traffic is completely engineered. Routes are optimized to allow travelers to reach their destinations as quickly as possible. Traffic laws speci

2 min Patch Tuesday

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed [https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could lead to remote code execution (RCE). The most concerning non-browser issue is CVE-2018-0825 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825] , an RCE i

3 min InsightVM

Vulnerability Management Year in Review, Part 3: Remediate

The wide impact [https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/] of the Petya-like ransomware [/2017/06/27/petya-ransomware-explained/] in 2017, mere weeks after WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained/] exploited many of the same vulnerabilities, illustrated the challenge that enterprises have with remediating even major headline-grabbing vulnerabilities, let alone the many vulnerabilities that don’t get news coverage. To this end, Rapid7’s vulner

3 min InsightVM

Incorporating Automated Actions Into Your Vulnerability Management Process

In today’s security climate, we all want to know that our data is as current as possible. Often, customers will increase their vulnerability scanning [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] frequency to weekly or even daily to meet the needs of an ever-changing environment. However, this requires a lot of resources and generates tons of data while making it difficult to identify only what has changed. This is exactly why we developed automated actions withi

4 min InsightVM

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks to genre-bending vulnerabilities like Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] the future would seem a bit blurry. Louis Pasteur [https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information security as we know it today by a century, but as an an individu

3 min InsightAppSec

3 Questions to Ask When Prioritizing Web Application Vulnerabilities

Dynamic application security testing (DAST) often results in a constantly evolving list of security vulnerabilities. When scanning a web application [https://www.rapid7.com/fundamentals/web-application-security/] in production or in an active testing environment, issues can crop up as quickly as changes happen within the app. And when exposed to the internet itself, there are many more ways in which security vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]

4 min InsightAppSec

The 4 Big Differences Between Network Security and Web Application Security

Tomato, tomato, potato, potato, network security and web application security [https://www.rapid7.com/solutions/application-security/]. Two things that may seem similar, they are actually quite different. Network security (also known as vulnerability assessment or vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/]) has been around for quite some time and is something most security practitioners today know well. Web application security, however, is still not wi

3 min Patch Tuesday

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat [https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated disclosure of the Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi

2 min InsightVM

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record [https://www.darkreading.com/threat-intelligence/2017-has-broken-the-record-for-security-vulnerabilities/d/d-id/1330410?] for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever. That’s why this year we delivered several innovations within our vulne

4 min Vulnerability Management

Meltdown and Spectre: What you need to know (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

After waking up from a long winter’s nap, you may have heard the lamentations about the “Intel Kernel Leak” vulnerability, or the “Kernel Speculative Execution” vulnerability, or, now, the “Meltdown and Spectre” vulnerabilities. This is a quick post to let you know just how freaked out, or not, you should be. What’s the problem? On January 3rd, 2018, there were rumors flying around about a vulnerability that affects pretty much all modern Intel processors (which turns out to be nearly all proce

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

6 min Haxmas

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12 months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only eleven months this year, thanks to Microsoft canceling [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] most of February’s planned fixes. This coincided with when they’d planned to [https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/] roll out their

4 min GDPR

Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM

The General Data Protection Regulation’s (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/] deadline in 2018 is rapidly approaching, and as companies prepare for GDPR compliance [/2017/02/23/preparing-for-gdpr/], they’re facing a struggle that’s plagued every security program for years: how to quantify that nebulous, scary thing called “risk.” GDPR compliance [https://www.rapid7.com/fundamentals/gdpr/] specifically talks about “risk” several times in its guidelines, particularly in Arti

2 min Patch Tuesday

Patch Tuesday - December 2017

No big surprises from Microsoft this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6] , with 70% of the 34 vulnerabilities addressed being web browser defects. Most of these are Critical Remote Code Execution (RCE) vulnerabilities, so administrators should prioritize patching client workstations. It doesn't take sophisticated social engineering tactics to convince most users to visit a malicious web page, or a legitimate but

1 min Vulnerability Management

CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability

I have Oracle Identity Manager running in my environment. What's going on? Am I vulnerable? Recently, we’ve been getting more than a few questions about the Oracle Identity Manager vulnerability (CVE-2017-10151) [https://www.rapid7.com/db/vulnerabilities/oracle-oim-cve-2017-10151], which was rated by Oracle with the most critical CVSS score of 10 [https://nvd.nist.gov/vuln/detail/CVE-2017-10151]. This is the highest possible CVSS score, which represents a vulnerability with a low complexity for

5 min Vulnerability Management

INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know

INTEL-SA-00086 vulnerabilities? What’s Up? (Full update log at the end of the post as we make changes.) Intel decided to talk turkey [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr] this week about a cornucopia of vulnerabilities that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies Research — discovered in their chips. Yes: chips. Intel conducted a comprehensive review of their Intel® Management Engine

4 min Vulnerability Management

The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know

JoltandBleed vulnerabilities? What’s Up? Oracle recently issued emergency patches for five vulnerabilities: * CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server. * CVE-2017-10267 is a vulnerability of stack overflows. * CVE-2017-10278 is a vulnerability of heap overflows. * CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to bruteforce passwords of DomainPWD which i

1 min Patch Tuesday

Patch Tuesday - November 2017

Web browser issues account for two thirds of this month's patched vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99] , with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these are classified as Critical (allowing code execution without user interaction). This is no surprise, as browser bugs are typically well represented on Patch Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie

4 min Incident Detection

Changing the Corporate Network Attacker’s Risk-Reward Paradigm

Defending a corporate network is hard, while attacking one is all too easy. We break down the risk/reward ratio for corporate attackers and what we can do to change it.

6 min Metasploit

Testing SMB Security with Metasploit Pro Task Chains: Part 2

This is part two of our blog series on testing SMB security with Metasploit Pro. In the previous post, we explained how to use Metasploit Pro’s Task Chains feature to audit SMB passwords automatically. Read it here [/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/] if you haven’t already. In today’s blog post, we will talk about how to use a custom resource script in a Task Chain to automatically find some publicly-known high-profile vulnerabilities in SMB. Publi

3 min IoT

ROCA: Vulnerable RSA Key Generation

In the KRACK-related [/2017/10/16/the-wi-fi-krack-vulnerability-what-you-need-to-know/] and BadRabbit-related [/2017/10/24/the-badrabbit-ransomware-attack-what-you-need-to-know/] chaos of the past week and a half, some people missed a less flashy vulnerability that nevertheless dug up key long-term questions on IoT supply chains and embedded technology. The Czech-based Center for Research on Cryptography and Security published research last week [https://crocs.fi.muni.cz/public/papers/rsa_ccs1

6 min Vulnerability Management

The Wi-Fi KRACK Vulnerability: What You Need to Know

Everything you need to know about the recently disclosed KRACK vulnerability affecting Wi-Fi security protocols (WPA1 and WPA2).

3 min InsightVM

InsightVM in the Azure Marketplace

Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.

2 min Patch Tuesday

Patch Tuesday - October 2017

Patch Tuesday round-up for October 2017

8 min Vulnerability Management

No-Priority, Post-Auth Vulnerabilities

In the course of collecting and disclosing vulnerabilities, I occasionally come across an issue that walks like a vuln, quacks like a vuln, but… it’s not exactly a vuln. As per our usual vulnerability disclosure process [https://www.rapid7.com/disclosure/], we still report these issues to vendors. The behavior observed is nearly always a bug of some sort, but it’s not immediately exploitable, or the “exploit” is merely exercising the expected level of privilege, but in an unexpected context. Po

3 min InsightVM

Container Security Assessment in InsightVM

Earlier in the year in this blog post around modern network coverage and container security in InsightVM [/2017/05/24/modern-network-coverage-and-container-security-in-insightvm/], we shared Rapid7’s plans to better understand and assess the modern and ever-changing network with Docker and container security [https://www.rapid7.com/solutions/containers-and-docker-security/]. We began by introducing discovery of Docker hosts and images, as well as vulnerability assessment and secure configuration

1 min Patch Tuesday

Patch Tuesday - September 2017

It's a big month, with Microsoft patching [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99] 85 separate vulnerabilities including the two Adobe Flash Player Remote Code Execution [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013] (RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing recent trends, the bulk of Critical RCE vulnerabilities are client-side, primarily in Edge, IE,

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement [https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

4 min Nexpose

Vulnerability Management Market Disruptors

Gartner’s recent vulnerability management report [https://www.gartner.com/doc/3775765] provides a wealth of insight into vulnerability management (VM) tools and advice for how to build effective VM programs. Although VM tools and capabilities have changed since the report’s last iteration in 2015, interestingly one thing hasn’t: Gartner’s analysis of potential disruptors to VM tools and practices. Great minds think alike, as we’ve been heavily investing in these areas to help our customers over

1 min Patch Tuesday

Patch Tuesday - August 2017

It was a busy month this month with a total of 48 security issues fixed. All of these have a severity of Critical or Important with Remote Code Execution vulnerabilities again figuring highly, particularly for Microsoft Edge. There were also a few publicly disclosed vulnerabilities that were fixed, including CVE-2017-8633 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633] (Privilege Escalation with Windows Error Reporting). None of the disclosed vulnerabilities

2 min Vulnerability Management

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose [https://www.rapid7.com/products/nexpose/] and InsightVM [https://www.rapid7.com/products/insightvm/] users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about this issue, please don't hesitate to contact your custome

4 min Vulnerability Management

Vulnerability Management Tips for the Shadow Brokers Leaked Exploits

Rebekah Brown [/author/rebekah-brown] and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post [/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. It's probably not the only post you've read on this topic, but it is cogent, well-constructed and worth the 5 minutes. Back with me? With all of the media attention and discussion in the infosec community, it would

3 min Endpoints

Live Vulnerability Monitoring with Agents for Linux...and more

A few months ago, I shared news of the release of the macOS Insight Agent [/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the availability of the the Linux Agent within Rapid7's vulnerability management solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducin

5 min CIS Controls

The CIS Critical Security Controls Explained - Control 3: Continuous Vulnerability Management

Welcome to the third blog post on the CIS Critical Security Controls [https://rapid7.com/solutions/compliance/critical-controls/]! This week, I will be walking you through the third Critical Control: Continuous Vulnerability Management. Specifically, we will be looking at why vulnerability management [https://rapid7.com/solutions/vulnerability-management/] and remediation is important for your overall security maturity, what the control consists of, and how to implement it. Organizations operat

5 min CIS Controls

The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Stop No. 5 on our tour of the CIS Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] (previously known as the SANS Top 20 Critical Security Controls) deals with Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. This is great timing with the announcement of the death of SHA1. (Pro tip: don't use SHA1 [https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/]

6 min GDPR

Preparing for GDPR Compliance: 10 Actionable Recommendations

GDPR is coming….. If your organisation does business with Europe, or more specifically does anything with the Personal Data of EU Citizens who aren't dead (i.e. Natural Persons), then, just like us, you're going to be in the process of living the dream that is Preparing for the General Data Protection Regulation (GDPR compliance) [https://www.rapid7.com/solutions/compliance/gdpr/]. For many organisations, this is going to be a gigantic exercise, as even if you have implemented processes and tec

4 min Vulnerability Management

Vulnerability Management: Best Practices

We are often asked by customers for recommendations on what they should be scanning, when they should be scanning, how they ensure remote devices don't get missed, and in some cases why they need to scan their endpoints (especially when they have counter-measures in place protecting the endpoints). This blog post is intended to help you understand why running regular scans is a vital part of a security program, and to give you options on how to best protect your ecosystem. Q: What do I need to

5 min Haxmas

12 Days of Haxmas: Giving the Gift of Bad News

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. This holiday season, eager little hacker girls and boys around the world will be tearing open their new IoT gadgets and geegaws, and set to work on evading tamper evident seals, proxy

3 min Nexpose

Vulnerability Categories and Severity Levels: "Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management tools [https://www.rapid7.com/products/nexpose/?CS=blog] is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you, it's not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability checks. How “True” Vulnerability Checks Work A

5 min Research

Research Report: Vulnerability Disclosure Survey Results

When cybersecurity researchers find a bug in product software, what's the best way for the researchers to disclose the bug to the maker of that software? How should the software vendor receive and respond to researchers' disclosure? Questions like these are becoming increasingly important as more software-enabled goods - and the cybersecurity vulnerabilities they carry - enter the marketplace. But more data is needed on how these issues are being dealt with in practice. Today we helped publish

5 min Nexpose

Vulnerability Management: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now [https://www.rapid7.com/products/nexpose/now.jsp] in June, we've talked a lot about the “passive scanning trap [https://information.rapid7.com/nexpose-now-release-webcast-6.14.html]” and “live assessment” in comparison. You may be thinking: what does that actually mean?  Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment [https://www.rapid7.com/solutions/vulnerability-assessment.jsp] – and I'd like to pr

3 min Nexpose

Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job

Nexpose supports a variety of complementary reporting solutions that allows you to access, aggregate, and take action upon your scan data. However, knowing which solution is best for the circumstance can sometimes be confusing, so let's review what's available to help you pick the right tool for the job. I want to pull a vulnerability assessment report out of Nexpose. What are my options? Web Interface The Nexpose web interface provides a quick and easy way to navigate through your data. You ca

5 min Vulnerability Disclosure

Never Fear, Vulnerability Disclosure is Here

Last week, some important new developments in the way the US government deals with hackers were unveiled [https://medium.com/@SecDef/building-on-the-lessons-learned-from-hacking-the-pentagon-b5b58548b6a9#.u7xmdqrxs] : the first ever vulnerability disclosure policy of the Department of Defense [https://hackerone.com/deptofdefense]. Touted by Secretary Ash Carter as a ‘see something, say something' policy for the digital domain, this not only provides guidelines for reporting security holes in DoD

5 min Research

NCSAM: Coordinated Vulnerability Disclosure Advice for Researchers

This is a guest post from Art Manion [https://twitter.com/zmanion], Technical Manager of the Vulnerability Analysis Team at the CERT Coordination Center (CERT/CC) [http://www.cert.org/]. CERT/CC is part of the Software Engineering Institute at Carnegie Mellon University. October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA [/2016/10/03/cybersecu

3 min Nexpose

Publishing Nexpose Asset Risk Scores to ePO

Security professionals today face great challenges protecting their assets from breaches by hackers and malware. A good vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] could help mitigate these challenges, but vulnerability management solutions often produce huge volumes of data from scanning and require lots of time spent in differentiating between information and noise. Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog]

3 min Nexpose

Discovery of ePO Assets in Nexpose

As a corporate network grows and new locations are opened up, it becomes increasingly difficult for companies to keep track of and understand their total asset count and the associated risk exposure. Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] lets you easily discover all of your assets before a scan, but if that information is already in a great asset management tool like McAfee ePO, why waste time and duplicate efforts? Now you don't have to, with the ability to automatically im

2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management [PDF] [https://www.rapid7.com/docs/Product-Brief-Nexpose-MVM-with-feature-list-FINAL-120315.pdf] . This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerabi

11 min Vulnerability Disclosure

Multiple Bluetooth Low Energy (BLE) Tracker Vulnerabilities

Executive Summary While examining the functionality of three vendors' device tracker products, a number of issues surfaced that leak personally identifying geolocation data to unauthorized third parties. Attackers can leverage these vulnerabilities to locate individual users' devices, and in some cases, alter geolocation data for those devices. The table below briefly summarizes the twelve vulnerabilities identified across three products. VulnerabilityDeviceR7 IDCVECleartext PasswordTrackR Brav

4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program.  Today, we're taking a step back to discuss tying vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] back in to asset management to create a positive feedback loop.  This progressive, strategic method can mitigate issues and oversights caused by purely tactical, find-fix vulnerability cycles.  And it can

6 min Metasploit

Establishing an Insider Threat Program for Your Organization

Whether employees realize it or not, they can wreak havoc on internal and external security protocols. Employees' daily activities (both work and personal) on their work devices (computers, smartphone, and tablets) or on their company's network can inflict damage. Often called “insider threats, [/2016/05/05/insider-threat-or-intruder-effective-detection-doesnt-care]” employees' actions, both unintentional or intentional, are worth paying heed to whenever possible. Gartner's Avivah Litan reported

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] customers to show you how to set up your first site, start a scan, and get your vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] program under way. First thing's first: A few definitions in Nexpose: Site: A (usually) physical group of assets; i.e. what you want to scan Scan Template: The things that your

2 min Vulnerability Disclosure

R7-2016-21 Nine Folders Certificate Validation Vulnerability (CVE-2016-6533)

Due to a lack of certificate validation with a configured remote Microsoft Exchange server, Nine leaks associated Microsoft Exchange user credentials, mail envelopes and their attachments, mailbox synchronization information, calendar entries and tasks. This issue presents itself regardless of SSL/TLS trust settings within the Nine server settings panel. October 13, 2016 update: Version 3.1.0 was released by the vendor to address these issues. Credit Discovered by Derek Abdine [https://twitter

2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp] to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as it happens and prioritize risks for remediation. We've also been

2 min Nexpose

Vulnerability Remediation with Nexpose

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp?CS=blog] to Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/?CS=blog]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as

4 min Nexpose

InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility

Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation

2 min Nexpose

Remediating the CISCO EXTRABACON Vulnerability (CVE-2016-6366) with Nexpose

Recently, our research team recently wrote an extensive blog [/2016/09/06/bringing-home-the-extrabacon?CS=blog] on the EXTRABACON exploit (finally a name that we can all get behind). Our research with Project Sonar showed that a large number of devices and organizations are still exposed to this vulnerability, even though a patch has been released; and today I thought we'd get pragmatic and show how you can measure your exposure using Nexpose vulnerability management. [https://www.rapid7.com/s

4 min Nexpose

Vulnerability Management Technique: Managing Asset Exclusion to Avoid Blind Spots

Don't Create Blind Spots As a consultant for a security company like Rapid7, I get to see many of the processes and procedures being used in Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] programs across many types of companies. I must admit, in the last few years there have been great strides in program maturity across the industry, but there is always room for improvement. Today I am here to help you with one of these improvements – avoiding asset risk

2 min Exploits

R7-2016-19: Persistent XSS via Unescaped Parameters in Swagger-UI (CVE-2016-5682)

Parameters within a Swagger document are insecurely loaded into a browser based documentation. Persistent XSS occurs when this documentation is then hosted together on a public site. This issue was resolved in Swagger-UI 2.2.1 [https://github.com/swagger-api/swagger-ui/releases/tag/v2.2.1]. Summary One of the components used to build the interactive documentation portion of the swagger ecosystem is the Swagger-UI [https://github.com/swagger-api/swagger-ui]. This interface generates dynamic docu

3 min Nexpose

Building A Vulnerability Management Program that Thinks Like an Attacker, But Prioritizes Like a Business

Vulnerabilities are not created equal, not when there are so many dependencies, not only around the vuln itself, but it's applicability to your business. Sure, CVSS helps, a little, but ultimately what it has left us all with is a long list of 9s and 10s (or ‘high' alerts) and zero visibility into what to actually fix first. Ideally your vulnerability management program is prioritizing vulnerabilities by business impact, not just CVSS. In 2009 Rapid7 acquired Metasploit [https://www.rapid7.com/

2 min Nexpose

Better, Faster, Stronger: Nexpose Scan Times improved by over 10x!

In any vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp] program, defenders are always racing against time to identify new exposures and get the latest data. The recent Nexpose Now release made this easier than ever in Nexpose, but active scans will always remain important. Over the past quarter, we've made major strides in improving our scan engine performance so that customers can get the data and the fixes they need fast enough to keep up with the bad gu

6 min Vulnerability Management

Vulnerability Management Needs To Stop Slowing Security Improvement

Incremental improvement is great. Nothing, especially in the world of software, is perfect when first released to the market, so iterative improvement is an expectation every customer must have. But problems begin to arise for users when incremental improvement becomes the accepted norm for long periods of time. Many experts in the vulnerability management market believe that is what's happened in the industry: vendors continuously spit out minimal, albeit important, updates such as a new report

3 min Nexpose

Nexpose Now: Because Security Doesn't Wait

Attackers don't wait for your schedule, in fact, they try and take advantage of your ‘windows of wait' when you're biding your time waiting for a scan. Just think of your typical Patch Tuesday, when you walk in on Wednesday your vulnerability management solution has all the checks, but then you wait for that next scan. You wait for data to be recollected, assessed, and then hopefully served up in a way that is intuitive and describes exactly what you need to do, and when. At that point the work

4 min Verizon DBIR

2016 Verizon Data Breach Report: Vulnerability Management Takeaways

This year's 2016 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] has plenty of juicy data to pour over and for the past week we've been providing recommendations for ways to improve your security program and stop attackers. The report didn't provide any huge surprises, except for the fact that everything that was bad just keeps getting worse. Thus, we've had some great posts from my teammates focused on the Verizon Data Breach Investig

2 min Nexpose

Nexpose Content Release Cadence

Over the past year our Nexpose team has taken on the challenge of overhauling our product and internal processes to enable more frequent and seamless content releases. The objective is simple, get customers content to their consoles faster without disrupting their workflow and currently running or scheduled scans. This enables security teams to respond to industry trends much faster and coupled with our new adaptive security feature enables low impact delta scans of just the new or updated vulne

5 min Vulnerability Management

Using the National Vunerability Database to Reveal Vulnerability Trends Over Time

This is a guest post by Ismail Guneydas. Ismail Guneydas is senior technical leader with over ten years of experience in vulnerability management, digital forensics, e-Crime investigations and teaching. Currently he is a senior vulnerability manager at Kimberly-Clark and an adjunct faculty at Texas A&M. He has M.S.  in computer science and MBA degrees. 2015 is in the past, so now is as good a time as any to get some numbers together from the year that was and analyze them.  For this blog post,

2 min Nexpose

Adaptive Security: Rapid7 Critical Vulnerability Category

Starting this week, we have added a new vulnerability category: Rapid7 Critical. When we examine a typical vulnerability, each vulnerability comes with various pieces of information such as CVE id, CVSS score, and others. These pieces of information can be very handy especially when you set up Automated Actions in Nexpose. Here is an example: As you can see the example on the right, this trigger will initiate a scan action if there is a new coverage available that meets the criteria of CVSS

6 min Government

Vulnerability Disclosure and Handling Surveys - Really, What's the Point?

Maybe I'm being cynical, but I feel like that may well be the thought that a lot of people have when they hear about two surveys posted online this week to investigate perspectives on vulnerability disclosure and handling. Yet despite my natural cynicism, I believe these surveys are a valuable and important step towards understanding the real status quo around vulnerability disclosure and handling so the actions taken to drive adoption of best practices will be more likely to have impact. Hopef

1 min Vulnerability Management

Further Control of Dynamic Connections with Adaptive Security

As we have reached out to customers for feedback on Adaptive Security use cases (see: Adaptive Security Overview [/2015/10/02/adaptive-security-overview] for details on this feature), we have found that many customers would like to control the outcome of the “New Asset discovered” trigger. They want to be able to not just kick a scan since they either have some restrictions as to when to scan, or they don't scan everything that comes out of DHCP (or other dynamic source of assets), for some netw

3 min Nexpose

Nation's 'Hacker-in-Chief' Demonstrates Old Dog's Value

In today's security ecosystem, there are several technologies/programs that are considered to be the old dogs.  They've been around the block a few times, have a few gray hairs, and just aren't as sexy anymore.  Most companies have had these technologies for years now, and they typically don't get the headlines that some of the newer, hotter technologies are getting.  Antivirus, Email Security, Firewalls, and Vulnerability Management are a few of these.  It's hard to compete with big-data-machin

8 min Vulnerability Management

ScanNow DLL Search Order Hijacking Vulnerability and Deprecation

Overview On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability in Rapid7's ScanNow tool.  Rapid7 takes security issues seriously and this was no exception.  In combination with a preexisting compromise or other vulnerabilities, and in the absence of sufficient mitigating measures, a system with ScanNow can allow a malicious party to execute code of their choosing leading to varying levels of additional compromise.  In order to protect the small community of users who ma

1 min Nexpose

New Vulnerability Filtering in Adaptive Security

Nexpose has long provided the ability to filter vulnerabilities by a wide variety of categories and operators. Starting in Nexpose 6.1, filtering in new-vulnerability actions in Adaptive Security closely mirrors that of Nexpose. New vulnerability actions were covered in a recent blog .How Adaptive Security fits into your Vulnerability Management Program). [/2015/11/20/how-adaptive-security-fits-into-your-vulnerability-management-program] Similarity to Nexpose Filtering The enhanced filters no

4 min Vulnerability Management

How Adaptive Security fits into your Vulnerability Management Program

Building an Application Vulnerability Management Program, found in the SANS Institute Reading Room ( https://www.sans.org/reading-room/whitepapers/application/building-application-v ulnerability-management-program-35297), identifies vulnerability program management as a cyclical process involving the following steps: * Policy * Discovery and Baseline * Prioritization * Shielding and Mitigation * Eliminating the Root Cause * Monitoring While the use of Nexpose applies to several of these

6 min Vulnerability Disclosure

Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)

Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows is installed and updated in an insecure manner. A remote attacker could leverage these flaws to run arbitrary code in the context of the system Administrator by leveraging two particular flaws in the update process, and as the RStudio user via the third update process flaw. This advisory will discuss all three issues. Since reporting these issues, RStudio version 0.99.473 has been released. This version addresses all

2 min Vulnerability Management

Top 3 Takeaways from the "Detecting the Bear in Camp: How to Find your True Vulnerabilities" Webcast

In the webinar, “Detecting the Bear in Camp: How to Find your True Vulnerabilities [https://information.rapid7.com/detecting-the-bear-in-camp-how-to-find-your-true-vulnerabilities.html?CS=blog] ”, Jesika McEvoy and Ryan Poppa discussed what it takes to be successful in a vulnerability centric world. Many companies fall short when it comes to remediation after spending too much time trying to scan everything and find every vulnerability. Jesika and Ryan shared best practices for how to avoid thi

1 min Android

Disclosure: Android Chrome Address Bar Spoofing (R7-2015-07)

Android Chrome Address Bar Spoofing (R7-2015-07) Summary Due to a problem in handling 204 "No Content" responses combined with a window.open event, an attacker can cause the stock Chrome browser on Android to render HTML pages in a misleading context. This effect was confirmed on an Android device running Lollipop (5.0). An attacker could use this vulnerability to convince a victim of a phishing e-mail, text, or link to enter private credentials to an untrusted page controlled by the attacker.

3 min Exploits

R7-2015-01: CSRF, Backdoor, and Persistent XSS on ARRIS / Motorola Cable Modems

By combining a number of distinct vulnerabilities, attackers may take control of the web interface for popular cable modems in order to further compromise internal hosts over an external interface. Affected Product ARRIS / Motorola SURFboard SBG6580 Series Wi-Fi Cable Modem The device is described by the vendor as a "fully integrated all-in-one home networking solution that combines the functionality of a DOCSIS/EuroDOCSIS 3.0 cable modem, four-port 10/100/1000 Ethernet switch with advanced fi

1 min Vulnerability Management

March 2015 OpenSSL Security Advisory

Today OpenSSL released a security advisory [https://openssl.org/news/secadv_20150319.txt] listing 14 vulnerabilities affecting various versions of OpenSSL. There are 2 High, 9 Moderate, and 3 Low severity vulnerabilities in the mix. The security community was anxious that there could be another Heartbleed (or worse) in this list. Thankfully, this is NOT the case, even among the High severity vulnerabilities. Many of these vulnerabilities are limited in their scope, impact, and/or prevalence (es

3 min Vulnerability Disclosure

Weekly Metasploit Wrapup

McAfee ePO Vulnerability Disclosure This week, we have another delightful exploit from our dear friend Brandon Perry, which targets McAfee's ePolicy Orchestrator. This bug was disclosed on the Full Disclosure mailing list [http://seclists.org/fulldisclosure/2015/Jan/8] on January 8, hit the Metasploit pull request queue [https://github.com/rapid7/metasploit-framework/pull/4586] on January 14, and was committed to the master branch of Metasploit Framework on January 18th, whereupon it got picked

9 min Vulnerability Disclosure

R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Overview As part of Rapid7 Labs' Project Sonar [https://sonar.labs.rapid7.com/], among other things, we scan the entire public IPv4 space (minus those who have opted out) looking for listening NTP servers.  During this research we discovered some unknown NTP servers responding to our probes with messages that were entirely unexpected.  This lead to the writing of an NTP fuzzer in Metasploit [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuz

1 min Vulnerability Management

Done with Vulnerability Management 101? Build an advanced risk management program

Nobody wants to be part of a team that just chugs along, sight unseen until The Next Big Crisis hits—advanced security teams know how to provide true business value every day, and they have the results to prove it, too. These security teams know that the key to their success is not playing whack-a-mole with whatever vulnerabilities they have time to address, but rather they take a step back and look at the whole business for context and cues. Not all assets are equally important to a business--

13 min Zero-day

R7-2013-19 Disclosure: Yokogawa CENTUM CS 3000 Vulnerabilities

On Saturday, March 8th, @julianvilas [https://twitter.com/julianvilas] and I spoke at RootedCON [https://www.rootedcon.es/?lang=en] about our work with the Yokogawa CENTUM CS3000 product. Today, as promised, we're publishing details for three of the vulnerabilities found in the product. For all of you who weren't able to attend RootedCON, we're going just to quote the Yokogawa description of their own product [http://www.yokogawa.com/dcs/products/cs3000/overview/dcs-3k-0101en.htm] in order to in

3 min Open Source

Metasploit Weekly Update: On Breaking (and Fixing!) Security Software

Attacking Security Infrastructure This week, one module stands out for me: the Symantec Endpoint Protection Manager Remote Command Execution [http://www.metasploit.com/modules/exploit/windows/antivirus/symantec_endpoint_manager_rce] by xistence [https://github.com/xistence], who built on the proof-of-concept code from Chris Graham [http://www.exploit-db.com/exploits/31853/], who turned that out after Stefan Viehbock's disclosure from last week. You can read the full disclosure text from SEC Co

1 min Awards

And the winner is...you!

On Saturday night, amidst the neon lights and smoke-filled casinos of Las Vegas, Rapid7's Support team won an award: the 2014 Silver Stevie for Best Frontline Customer Service Team. This holds special meaning to us, because the award isn't really about Rapid7. It's about our customers. Over the years Rapid7 Support has built strong relationships with countless organizations on their journey towards a well-managed information security program. Our team of experts strives to make the support proc

1 min Vulnerability Management

Rapid7 Given Vulnerability Management Market Penetration Leadership Award by Frost & Sullivan

This week, we proudly announced that Frost & Sullivan has presented Rapid7 with the Global Vulnerability Management Market Penetration Leadership award. So what does that mean, exactly? In a nutshell: We're growing really fast. Faster than anyone else in this space, in fact. “Rapid7 is renowned for its reputation in vulnerability management, which is an integral part of any security program,” said Chris Kissel, Frost & Sullivan industry analyst, in the report.  “Because Rapid7 has made signif

1 min Nexpose

NEX-37823 XSS in Nexpose vuln-summary.jsp (Fixed)

Nexpose users are urged to update to the lastest version of Nexpose to receive the patch for the described security vulnerability. Note that by default, Nexpose installations update themselves automatically. A cross-site scripting (XSS) vulnerability has been discovered by Yunus ÇADIRCI [https://twitter.com/yunuscadirci] and subsequently patched in recent versions of Rapid7's Nexpose vulnerability scanner. By providing URL-encoded HTML tags (including script tags), an unauthenticated attacker

4 min Vulnerability Disclosure

Supermicro IPMI Firmware Vulnerabilities

Introduction This post summarizes the results of a limited security analysis of the Supermicro IPMI firmware. This firmware is used in the baseboard management controller (BMC) of many Supermicro motherboards. The majority of our findings relate to firmware version SMT_X9_226. The information in this post was provided to Supermicro on August 22nd, 2013 in accordance with the Rapid7 vulnerability disclosure policy. More information on this policy can be found online at http://www.rapid7.com/disc

5 min Vulnerability Disclosure

Seven FOSS Tricks and Treats (Part One)

Adventures in FOSS Exploitation, Part One: Vulnerability Discovery This is the first of a pair of blog posts covering the disclosure of seven new Metasploit modules exploiting seven popular free, open source software (FOSS) projects. For technical details on the security issues for the applications discussed here, see Brandon Perry's exhaustive blog post [/2013/10/30/seven-tricks-and-treats]. Back over DEFCON, Metasploit contributor Brandon Perry decided to peek in on SourceForge, that grand-da

9 min Vulnerability Disclosure

Seven FOSS Tricks and Treats (Part Two)

Adventures in FOSS Exploitation, Part Two: Exploitation This is part two of a pair of articles about disclosing vulnerabilities in a set of FOSS projects, see part one [/2013/10/30/seven-foss-disclosures-part-one] for some background on these vulnerabilities in particular, and some general advice for FOSS developers and maintainers. A while back, I started a project to go over some of the top Sourceforge web applications and try to write some Metasploit modules for them. In the end, I was able

2 min Microsoft

Patch Tuesday - April 2013 Edition!

The April 2013 MS Tuesday advisories are is out and it forecasts an interesting patching session for Microsoft administrators.  There are 9 advisories, for 14 CVEs, affecting 16 distinct platforms in 5 categories of Microsoft products, including the not-often-seen patching of “Microsoft Office Web Apps” and “Microsoft Security Software”. Once again there is an IE patch (MS13-028) which is rated critical, but this one differs from last month's incarnation by applying to all supported versions

2 min Microsoft

Microsoft Security Bulletin Summary for December 2012

Microsoft Security Bulletin Summary for December 2012 contains seven bulletins; five critical and two important. The key take away for this month's patch cycle is that most of the impact related to these vulnerabilities can be drastically minimized if the “least privilege” principle is enforced in organizations. It's always a good idea to look at the proliferation of administrative accounts, and many organizations can bring in the new year with fresh patches and limiting their administrative ac

1 min Metasploit

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks for the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach. This webcast is now available for on-

1 min Metasploit

UNITED Security Summit - Your Man on the Street

Hello all, I'm Patrick Hellen, the Community Manager for SecurityStreet. This week, I'm going to be coming to you live from the San Francisco show floor of the UNITED Security Summit, giving my impressions of what's happening at the event over the next week. I'll be speaking about everything, from the topics in the various talk tracks, to the sheer amount of fun at the party. I'll also be hijacking the Rapid7 Twitter feed for the next few days - to make sure you're up to date on my random path

1 min Microsoft

Microsoft Security Bulletin Summary for August 2012

Microsoft's Patch Tuesday Security Bulletin Summary for August 2012 contains nine bulletins and addresses 28  vulnerabilities. MS12-052 is a critical patch for four vulnerabilities in Internet Explorer 6, 7, and 8. This bulletin is a continuation in Microsoft's monthly Internet Explorer patch cadence. This should be number one on organizations' and consumers' “must patch” list. MS12-053, labeled as critical, patches yet another Remote Desktop Protocol (RDP) vulnerability, though Microsoft st

3 min Networking

SOC Monkey - Week in Review - 7.2.2012

Happy Monday Monkeynauts! My Free App [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8] from the Apple App Store [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8] had these following links as it's most repeated and retweeted last week.  Let's take a look at what had everyone buzzing. First up this week, is the response from RSA to a few posts saying they were hacked: Don't Believe Everything You Read; Your RSA SecurID Token is Not Cracked. [http://blogs.rsa.com/curry/d

5 min Compliance

5 NON-TECHNICAL REASONS ORGANIZATION GET BREACHED

For every data breach that makes the headlines, there are tens to hundreds that go unreported by the media, unreported by companies, or even worse, go unnoticed. The rash of negative publicity around organizations that have experienced data breaches would appear to be a sufficient motivator to whip corporate leaders into bolstering their security programs in order to prevent from being the next major headline. If that is not reason enough, the litany of regulations imposed on certain industries

2 min Microsoft

Microsoft Security Bulletin Summary for June 2012

The Microsoft Security Bulletin Summary for June 2012 contains 7 bulletins addressing 28 security bugs.  Three of the bulletins are rated “critical” and the rest “important”. MS12-036 is a critical bulletin that addresses vulnerabilities allowing an attacker remote code execution related to the Windows Remote Desktop Protocol (RDP). This relates to MS12-020, which had organizations on high alert in March after Microsoft issued warnings that the vulnerability could be weaponized to result in wid

1 min Exploits

Oracle Issues Java Security Fixes

Oracle released Java Release 7 Update 5 and Java Release 6 Update 33 in order to patch several security vulnerabilities. I expect older versions to have public exploit code available soon. IsJavaExploitable.com [http://isjavaexploitable.com/] has been updated to assist everyone in detecting if they need to upgrade. Apple has also made patches available for OS X, which is a testament to Apple improving their consumer security. In the last couple of months Apple has made drastic improvements on re

3 min Networking

SOC Monkey - Week In Review - 6.11.12

Dear Monkeynauts, As some of you might have noticed, I've moved my publication date out to Monday going forward. This gives you the entire weekend to download my App [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8], from the Apple App Store! [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8] I'm sure it's no surprise to all of you, that our most retweeted and talked about topic this week is of course Linkedin, and their very large password leak, followed swiftly by the

3 min Penetration Testing

SOC Monkey Week in Review - 5.4.12

Monkey Minions!  I have returned!  For those of you who still have not done so, make sure to download my SOC Monkey App [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8], from the Apple App Store [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8]. Still free, still fantastic. First up this week is the latest attempt of some type of legislation aimed at cybersecurity: Passage of CISPA in the U.S. House highlights need for viable cybersecurity legislation. [http://radar.oreil

2 min Compliance

SOC Monkey Week in Review - 4.26.12

Dearest Monkey Minions, It is once again your favorite Simian InfoSec curator, bringing you the most interesting bits and pieces from my App [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8], that is, as you know, free in the Apple App Store [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8]. This week, I'm actually traveling out there in that big wide world, so I'm going to keep this relatively simple. Next week, my normal big monkey mouth will be back in force, with lots

3 min Networking

SOC Monkey Week in Review - 4.19.12

Welcome back my Monkey minions, to the SOC Monkey Week In Review, (download me now from the Apple App Store! [http://itunes.apple.com/us/app/soc-monkey/id500480953?mt=8], I'm free!) I'm starting off this week with a rather lengthy post about Cyberwar [http://www.foreignpolicy.com/articles/2012/02/27/cyberwar?page=full] and all the hype surrounding it. The article does a great job of pulling together all the existing and threatened cyber attacks that have been targeted towards Governmental entit

1 min Networking

Leveraging Security Risk Intelligence to Improve Your Security Posture

As most of you probably know, attackers routinely target exploitable weaknesses of security systems rather than pre-identifying victims for their attacks. Also, most breaches that occur in database security systems are avoidable without expensive or sophisticated countermeasures. In its 2012 Data Breach Investigations Report, Verizon [http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf] registered 174 million compromised records for 2011, compar

2 min Microsoft

Microsoft Security Bulletin Summary for April 2012

Microsoft Security Bulletin Summary for April 2012 contains six bulletins, four of which are rated “critical”.  All of the critical bulletins would result in remote code execution. One of the important bulletins – MS12-028 – could also be looked on as critical because it's easy to exploit and results in remote code execution. MS12-023 is a cumulative security update for Internet Explorer that patches six vulnerabilities. This should be the top priority for organizations as users could be compro

2 min Metasploit

Myth Busted: Apple is Hacker Proof

Update 4/4/2012: Apple released a patch for Java last night. The first thing I'd like to say is that I am an Apple fanboy and can usually be found defending them vigorously like any loyal fanboy would. I hear time and time again from other Apple users that Apple products are "hacker proof", which is a total myth. My buddy Jayson Street says Apple products are perceived as shiny magical things, which I guess adds to the myth. Mac users are so use to hearing about exploits that only affect Win

1 min Vulnerability Management

Verizon 2012 Data Breach Investigations Report

Verizon's 2012 Data Breach Investigations Report was just released and here are my quick thoughts: While there was an increase in the number of breaches, the good news is that 97% of breaches were avoidable through simple or intermediate controls. There is a low barrier for entry to pull off the majority of these breaches, with 96% of attacks not particularly difficult to execute. In fact, I have yet to see any credible reports linking more than single digit percentages to advanced attacks and

1 min Nexpose

How to Check for Remote Desktop Protocol (RDP) Services

There are many organizations concerned with the critical Microsoft Security Bulletin MS12-020 [http://technet.microsoft.com/en-us/security/bulletin/ms12-020] Remote Desktop Protocol (RDP) vulnerability. Here is a quick way to check if you have Remote Desktop Protocol running on your system or network. I used NMAP [http://nmap.org/] to check my home network. In the highlighted text below you can see that NMAP can check for the RDP service running. If you can't patch, this is important because at

2 min Patch Tuesday

Microsoft Security Bulletin Summary for March 2012

The Microsoft Security Bulletin Summary for March 2012 covers one critical, four important bulletins, and one moderate for a total of six bulletins. MS12-020 is labeled as critical and affects all Windows XP Service Pack 3, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 that are running remote desktop protocol (RDP). RDP is used for remote management by many organizations, and this will remind people of the pcAnywhere vulnerabilities in the press

2 min Patch Tuesday

Microsoft Security Bulletin Summary for February 2012

In the Microsoft Security Bulletin Summary for February 2012, Microsoft released nine bulletins to address 20 vulnerabilities. Instead of love on Valentine's day, organizations may have fear pumping through their hearts when you couple the recent news of several high profile breaches with Patch Tuesday. There are four bulletins rated “critical” and they will likely affect all organizations. The critical bulletins are MS12-008, MS12-010, MS12-013, and MS12-016 which are all related to browsers a

2 min Metasploit

Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation

When we talk to Metasploit users, they usually use it for either penetration testing, password auditing or vulnerability validation, but few use it for more than one of these purposes. By leveraging your investment in Metasploit, you can triple-dip at the same price - no extra licenses needed. Penetration Testing With penetration testing, you can identify issues in your security infrastructure that could lead to a data breach. Weaknesses you can identify include exploitable vulnerabilities, we

2 min Microsoft

Microsoft Security Bulletin for January 2012

Only one of the bulletins is rated “Critical”: MS12-004, which is a vulnerability relating to Windows Media Player.  Exploiting this vulnerability would allow remote code execution and this should be of top concern for both companies and private users. This vulnerability can be exploited by embedded malicious Windows Media Players in web pages. This should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and brow

1 min Penetration Testing

10 Places to Find Vulnerable Machines for Your Lab

It can sometimes be challenging to find vulnerable machines for your penetration testing or vulnerability management lab. Here's a list of vulnerable machines you should check out: 1. Metasploitable [http://information.rapid7.com/download-metasploitable.html?LS=1631875&CS=web] 2. UltimateLAMP [http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip] 3. Web Security Dojo [http://sourceforge.net/projects/websecuritydojo/files/] 4. OWASP Hackademics [https://code.google.com/p/owasp-ha

2 min Patch Tuesday

October 2011 Patch Tuesday

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'. In terms of prioritizing patching, when I look at security vulnerabilities, first I want to understand which ones can have the most widespread impact. MS11-081is a cumulative update which affects Internet Explorer, so it relates to both corporate and home users. These v

1 min Metasploit

Consulting for Profit: Building a Business on Security Assessments

Are you looking to expand your security consulting practice? Many companies around the world have built a successful business by packaging vulnerability management and penetration testing into the following services: * Security assessments * Deployment services * Security awareness * PCI Compliance * 11.2 Vulnerability Management * 11.3 Penetration Testing * Compliance and governance * Managed security services * Trainings We've heard from a lot of the security consul