4 min
Cloud Security
How to Handle Misconfigurations in the Cloud
In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.
3 min
Patch Tuesday
Patch Tuesday - February 2020
A relatively modest 99-vulnerability February Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb]
has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674]
(originally ADV200001
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001])
announced back on January 17. Fortunately, that is the only vulnerability
reported this month th
2 min
Vulnerability Management
Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)
This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.
4 min
AWS
How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud
In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.
3 min
Vulnerability Management
How to Measure the ROI of Your Vulnerability Risk Management Solution
In this blog, we discuss the seven key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.
3 min
Vulnerability Management
Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model
In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.
4 min
InsightVM
Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams
If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.
4 min
Research
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.
10 min
Vulnerability Management
How to Get Started with the InsightVM Integration for ServiceNow CMDB
Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.
2 min
Vulnerability Management
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.
3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
[https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
Microsoft by the NSA: CVE-2020-0601
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601]
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
4 min
InsightVM
How to Define and Communicate Vulnerability Risk Across Your Company
In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.
4 min
InsightVM
Simplify Your Data Search with Query Builder in InsightVM
Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.
3 min
InsightVM
7 Vulnerability Risk Management Resolutions To Consider in the New Year
In this blog, we discuss seven Vulnerability Risk Management resolutions that all security professionals should be making in 2020.
2 min
Patch Tuesday
Patch Tuesday - December 2019
Today we come to the end of 2019's monthly Microsoft Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec]
(also known as Update Tuesday). This Christmas, Microsoft presents us with 36
vulnerabilities (that's two less than this time last year!) and no new
vulnerabilities from Adobe for Adobe Flash.
Unfortunately, despite a light month, there's still action to be taken.
CVE-2019-1458
[https://portal.msrc.microsoft.com/en-US/security-guidance/advis