2 min
InsightVM
Distribute Reports to Email Addresses in InsightVM
A new email reports feature in InsightVM allows users to easily and quickly distribute reports to users who may not have access to the platform.
3 min
SOAR
Better Together: XDR, SOAR, Vulnerability Management, and External Threat Intelligence
Effectively prioritizing security incidents comes down to having the right data and intelligence from inside your IT environment and the world outside.
4 min
InsightVM
InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning
Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.
6 min
InsightVM
Passwordless Network Scanning: Same Insights, Less Risk
The Scan Assistant is a lightweight service within InsightVM Network Scan Engine that can scan against targets without the need to provide credentials
7 min
Vulnerability Management
Patch Tuesday - October 2021
Today’s Patch Tuesday sees Microsoft issuing fixes
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct] for over 70 CVEs,
affecting the usual mix of their product lines. From Windows, Edge, and Office,
to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for
workstation and server administrators alike.
One vulnerability has already been seen exploited in the wild: CVE-2021-40449
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40449] is
an elev
6 min
Research
For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy
When it comes to the state of patching for recent Exchange Server vulnerabilities, the picture is more incomplete than you'd think.
1 min
Lost Bots
[The Lost Bots] Episode 6: D&R + VM = WINNING!
In this episode, Practice Advisor Devin Krugly joins to discuss how Detection and Response + Vulnerability Management = a winning combination.
2 min
Emergent Threat Response
Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)
On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.
4 min
Cloud Security
OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability
On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).
7 min
Patch Tuesday
Patch Tuesday - September 2021
Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here’s three big things you can go patch right now.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/10/21
Confluence Server OGNL Injection
Our own wvu along with Jang [https://twitter.com/testanull] added a module that
exploits an OGNL injection (CVE-2021-26804
[https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection]
)in Atlassian Confluence's WebWork component to execute commands as the Tomcat
user. CVE-2021-26804 is a critical remote code execution vulnerability in
Confluence Server and Confluence Data Center and is actively being exploited in
the wild. Initial di
4 min
Vulnerability Disclosure
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.
5 min
Cybersecurity
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min
Incident Response
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.