Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017. This is the day the "ransomworm" dubbed "WannaCry" / "Wannacrypt" burst -- literally -- onto the scene with one of the initial targets being the British National Health Service. According to The Guardian: the "unprecedented attack… affected 12 countries and at least 1...
Building a Car Hacking Development Workbench: Part 1
Introduction There is a vast body of knowledge hiding inside your car. Whether you are an auto enthusiast, developer, hobbyist, security researcher, or just curious about vehicles, building a development bench can be an exciting project to facilitate understanding and experimentation without...
How Do You Identify Zero-Days and Fileless Malware? Download (the) RAM.
Banner Source: The ever-handy http://www.downloadmoreram.com. When a tactic becomes less and less effective, it's important to shift strategies and adapt. With malware, attackers are doing exactly that. As preventative measures such as antivirus and endpoint detection and response continue to...
(Server) Ransomware in the Cisco 2017 Midyear Cybersecurity Report: Rapid7's Readout
It's summer in the northern hemisphere and many folks are working their way through carefully crafted reading lists, rounding out each evening exploring fictional lands or investigating engrossing biographies. I'm hoping that by the end of this post, you'll be adding another item to your "must...
Running an Effective Incident Response Tabletop Exercise
Are you ready for an incident? Are you confident that your team knows the procedures, and that the procedures are actually useful? An incident response tabletop exercise is an excellent way to answer these questions. Below, I've outlined some steps to help ensure success for your scenario-based...
How to Combine D3 with AngularJS
The Benefits and Challenges of D3 Angular Combination Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 frameworks are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But, they can al...
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR users, who now had the capabilities of a SIEM, powered by user behavior analytics (UBA) and endpoint detection. Soon we started to roll...
Cleaning House: Maintaining an accurate and relevant vulnerability management program
When Nexpose launched in the early 2000s, technology was vastly different from the world we live in today: most people connected to the internet over dial-up modems, personal computers were shared within the household, and televisions were still set-top boxes. Technology has evolved dramatically...
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze fixed all three issues by May 6, 2017, and user action is not required to remediate. Rapid7 thanks Fuze for their quick and thoughtful respon...
Live Vulnerability Monitoring with Agents for Linux…and more
A few months ago, I shared news of the release of the macOS Insight Agent. Today, I'm pleased to announce the availability of the Linux Agent within Rapid7's vulnerability management solutions. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For...
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun. Ask any pen tester what their top five penetration testing tools are for internal engagements, and you will likely get a reply containing nmap, Metasploit, CrackMapExec, SMBRelay and Responder. An essential tool for any whitehat, Responder is a Python...
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows S...
Survival of the fastest: evolving defenders with broad security automation
If you've read the news at all lately, you know that we're having some struggles with information security. Everything from elections to hospitals to Westeros is considered a target, and adversaries continue to learn and innovate--often faster than the defense can respond. It's not that they have...
Announcement: End-of-life Metasploit 32-bit versions
UPDATE: With the release of version 4.15 on July 19, 2017, the commercial Metasploit 32-bit platforms (Metasploit Pro, Metasploit Express, and Metasploit Community) no longer receive product or content updates. These platforms are now obsolete and are no longer supported. Rapid7 announced the en...
R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure
This post describes a vulnerability in Yopify, a plugin for various popular e-commerce platforms, as well as the remediation steps that have been taken. Yopify leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. This poses a significant...
More Answers, Less Query Language: Bringing Visual Search to InsightIDR
Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete...
Getting started in sales: Q&A with Eric Erston
Today we're excited to introduce a key leader in Rapid7's sales organization: Eric Erston is Rapid7's senior vice president of sales for the Americas region. He has extensive experience in a variety of sales roles, including leading go-to-market functions for mergers and acquisitions. Prior to...
Metasploit: The New Shiny
It's been a while since I've written a blog post about new stuff in Metasploit and I'm not sure if the editors will let me top the innuendo of the last one. But I'm privileged to announce that I'm speaking about Metasploit twice next month: once at the FSec 17 Conference in Varaždin, Croatia...
You've Got 0-Day!
Hey all, it feels like it's been forever since I wrote a blog post that wasn't about some specific disaster currently consuming the Internet, so I just wanted to drop a note here about how I'll be speaking at UNITED 2017, Rapid7's annual security summit in Boston, September 11-14. Specifically, I'll be...
WannaCry coda: Have you disabled SMBv1?
By now, if you're reading this blog, you probably have read about WannaCry. If not, please take a moment to review: Wanna Decryptor WNCRY Ransomware Explained Using Threat Intelligence to Mitigate Wanna Decryptor WannaCry WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are...
SIEM Security Tools: Four Expensive Misconceptions
Why modern SIEM security solutions can save you from data and cost headaches. If you want to reliably detect attacks across your organization, you need to see all of the activity that's happening on your network. More importantly, that activity needs to be filtered and prioritized by risk -- acros...
Virtual Machine Automation (vm-automation) repository released
Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMware Workstation are...
InsightVM now available in Japan
InsightVM customers can now choose to store their InsightVM data in Japan. At Rapid7, we enable customers to comply with policies and preferences by selecting the region where their data is transmitted, processed, and stored. We're excited to announce that Japan joins our existing data centers in...
Building a Car Hacking Development Workbench: Part 2
This is part two of a three-part series. Part one covered how to build a development workbench. Part two of this series will cover reading electrical diagrams and serve as a primer for part three, where we will re-engineer common circuit types found in vehicles. Electrical Diagrams &...
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...
Simple Vulnerability Remediation Collaboration with InsightVM
Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...
The Next Generation of the Rapid7 Community
Rapid7's community is evolving! For the past several years, community.rapid7.com has been our platform for news and knowledge spanning blogs, questions, discussion, and documentation. We have tried to ensure that our community site has been a source of pragmatic, down-to-earth information and...
Top Reasons for Graduate Students to Attend UNITED
The countdown is on to Rapid7's annual UNITED Summit in Boston on September 13-14. Rapid7 has partnered with top universities all over the globe to provide students with industry-leading security solutions as part of their coursework, equipping them with hands-on knowledge as they head into the...
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most who provide...
IoT Security Testing Methodology
By Deral Heiland (IoT Research Lead, Rapid7), Nathan Sevier (Senior Consultant, Rapid7), and Chris Littlebury (Threat Assessment Manager, Rapid7). End-to-end ecosystem methodology: When examining IoT technology, the actionable testing focus and methodology is often applied solely to the embedded device...
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them
WannaCry Overview Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the...
Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story
Integrating InsightVM or Nexpose (Rapid7's vulnerability management solutions) with Metasploit (our penetration testing solution) is a lot like Cupid playing "matchmaker" with vulnerabilities and exploit modules. When a vulnerability scan is imported into Metasploit, many things happen under the hood...
Why you have to move beyond “We have a policy for that”
I've never been a big fan of - or have believed in the value of - security policies. Sure, they're necessary for setting expectations, and auditors want to see them. They can also serve as a sort of insurance policy to fall back on when an unexpected security "event" occurs. But, at the end of the...
Heroku Dynos Explained
What are Heroku Dynos? If you've ever hosted an application on Heroku, the popular platform as a service, you're likely at least aware of the existence of "Dynos". But what exactly are Heroku Dynos and why are they important? As explained in Heroku's docs, Dynos are simply lightweight Linux containe...
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/), once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich...
Live Threat-Driven Vulnerability Prioritization
We often hear that security teams are overwhelmed by the number of vulnerabilities in their environments: every day they are finding more than they can fix. It doesn't help when rating schemes used for prioritization, like the Common Vulnerability Scoring System (CVSS), don't really work at scale or...
White House Cybersecurity Executive Order Summary
Yesterday President Trump issued an Executive Order on cybersecurity: "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." The Executive Order (EO) appears broadly positive and well thought out, though it is just the beginning of a long process and not a sea change in...
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in Splunk: the Rapid7 Nexpose Technology Add-On for Splunk and Rapid7 Nexpose for Splunk. Steps: 1. Follow the directions in this blog post to...
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence Cyber Threat Intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence is to help people make decisions about how to prevent, detect, and respond to threats against their...
The CIS Critical Controls Explained - Control 7: Email and Web browser protection
This blog is a continuation of our blog post series around the CIS Critical Controls. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls relate to workstation and user-focused endpoint security. It is also the reaso...
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems...
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose: scan exporting and importing. We're looking to address a need in air-gapped environments, where customers can have multiple consoles to address network partitioning. This approach is not without its warts. For example, if you have...
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community. Over the years this has resulted in vulnerability disclosures, research papers, conference...
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls? The Center for Internet Security (CIS) Top 20 Critical Security Controls, previously known as the SANS Top 20 Critical Security Controls, is an industry-leading way to answer your key security question: "How can I be prepared to stop known attacks?" The...
Announcing the new log search UI for Logentries
We are excited to announce the upcoming release of our brand new log search functionality. This contains a number of new features and a lot of improvements to the user experience. Among some of the new features is a brand new query builder, the ability to change which logs should be in a log set,...
Copyright Office Calls For New Cybersecurity Researcher Protections
On Jun. 22, the US Copyright Office released its long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA), and it has important implications for independent cybersecurity researchers. Mostly the news is very positive. Rapid7 advocated extensively for researcher protections to ...
Announcement: End-of-life Metasploit 32-bit versions
Rapid7 announced the end of life of Metasploit Pro 32-bit versions for both Windows and Linux operating systems on July 5th, 2017. This announcement applies to all editions: Metasploit Pro, Metasploit Express and Metasploit Community. After this date Metasploit 32-bit platforms will not receive...
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset...
Rapid7 urges NIST and NTIA to promote coordinated disclosure processes
Rapid7 has long been a champion of coordinated vulnerability disclosure and handling processes as they play a critical role in both strengthening risk management practices and protecting security researchers. We not only use coordinated disclosure processes in our own vulnerability disclosure and...
What is BDD Testing: Practical Examples of Behavior Driven Development Testing
The Need for Behavior Driven Development (BDD) Testing Tools: It should come as no surprise to learn that testing is at the heart of our engineers' daily activities. Testing is intrinsic to our development process, both in practical terms and in our thinking. Our engineers work with complex systems...