3 min
Public Policy
What Is Texas Senate Bill 820, and How Will It Affect Your School District?
In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.
3 min
Patch Tuesday
Patch Tuesday - November 2019
November's Patch Tuesday is upon us and, this month, Microsoft addressed 74
vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429]
) has been seen under active exploitation. By prioritizing the released
Microsoft Windows and Internet Explorer patches, the door to 58 of the 74
vulnerabilities will be closed off. Also, for the second month in a row, this
Patch Tuesday sees an absent security upd
4 min
InsightVM
The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue
In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.
4 min
InsightVM
5 Steps to Go from Patch Management to Vulnerability Management
The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.
4 min
InsightVM
InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You
In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.
2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
and nothing that could allow worms to proliferate. And nothing from Adobe
[https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's
nothing to do: Microsoft still published 59 CVE
5 min
Project Sonar
Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice
On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.
5 min
Vulnerability Management
How DHS and MITRE Collaborate to Validate Vulns
In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.
3 min
InsightVM
Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR
In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.
4 min
Vulnerability Management
CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know
On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.
5 min
Cloud Infrastructure
How to Set Up InsightVM in Your Google Cloud Environment
In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.
8 min
AWS
Automating the Cloud: AWS Security Done Efficiently
Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.
2 min
Patch Tuesday
Patch Tuesday - August 2019
First off, the big news for today's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
reminiscent of the BlueKeep
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
vulnerability (CVE-2019-0708
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
) that was patched last May. CVE-2019-11
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.
3 min
Vulnerability Management
BlueKeep Exploits May Be Coming: Our Observations and Recommendations
Rapid7 Labs has observed a significant uptick in malicious RDP activity since the release of CVE-2019-0708 (aka “BlueKeep”).