6 min
InsightVM
How to Create an OS-Based Policy Scanning Workflow in InsightVM
In this blog, we provide a step-by-step walkthrough of how to create an OS-based policy scanning workflow in InsightVM.
3 min
Vulnerability Management
Threat and Vulnerability Management Best Practices
In this blog post, we provide a high-level overview of vulnerability management and why it’s critical for modern businesses.
3 min
Vulnerability Management
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs [https://www.rapid7.com/fundamentals/vulnerability-management-program-framework/] focused solely on servers, running quarterly scans that targeted only critical systems.
But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to we
3 min
Vulnerability Management
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere.
Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087]
Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day
2 min
News
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.
3 min
Vulnerability Management
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers are opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.
2 min
InsightVM
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.
14 min
InsightVM
Scan Template Best Practices in InsightVM
This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.
9 min
Vulnerability Disclosure
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.
1 min
InsightVM
Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives
Let’s talk false positives. They’re frustrating and faulty to anyone in security. The good news? We’ve added even more ways to reduce the noise they cause.
3 min
Vulnerability Management
There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka "Bad Neighbor")
Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.
4 min
InsightVM
How InsightVM Helps You Save Time and Prove Value
In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.
3 min
Vulnerability Management
Why Every Organization Needs a Vulnerability Management Policy
In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.
2 min
News
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.
5 min
Research
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.