Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability CVE-2017-0290 that had some of the security community buzzing over the weekend w...
SIEM Security Tools: Four Expensive Misconceptions
Why modern SIEM security solutions can save you from data and cost headaches. If you want to reliably detect attacks across your organization, you need to see all of the activity that's happening on your network. More importantly, that activity needs to be filtered and prioritized by risk -- acros...
Project Sonar - Mo' Data, Mo' Research
Since its inception, Rapid7's Project Sonar has aimed to share the data and knowledge we've gained from our Internet scanning and collection activities with the larger information security community. Over the years this has resulted in vulnerability disclosures, research papers, conference...
Simple Vulnerability Remediation Collaboration with InsightVM
Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...
Metasploit Weekly Wrapup
Ghost...what??? hdm recently provided a new exploit module for a type confusion vulnerability that exists in Ghostscript versions 9.21 and earlier, allowing remote code execution on the target. And to "kick it up a notch", this exploit got itself a snazzy logo which also contains the exploit:...
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/), once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich...
R7-2017-03: Improper Access Control of Fuze Meeting Recordings (FIXED)
This post describes a security vulnerability in the Fuze collaboration platform, and the mitigation steps that have been taken to correct the issue. The Fuze collaboration platform did not require authentication to access meeting recordings (CWE-284). Shortly after being informed of this issue, Fuz...
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM...
The CIS Critical Security Controls Explained – Control 6: Maintenance, Monitoring and Analysis of Audit Logs
In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand the need to nurtu...
Metasploit Wrapup, 4.14.4 through 4.14.11
Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by a non-Rapid7 contributor. We'd like to thank claudijd - long-time Metasploit contributor, Mozilla security wrangler, and...
Live Vulnerability Monitoring with Agents for Linux…and more
A few months ago, I shared news of the release of the macOS Insight Agent. Today, I'm pleased to announce the availability of the Linux Agent within Rapid7's vulnerability management solutions. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For...
Rapid7 urges NIST and NTIA to promote coordinated disclosure processes
Rapid7 has long been a champion of coordinated vulnerability disclosure and handling processes as they play a critical role in both strengthening risk management practices and protecting security researchers. We not only use coordinated disclosure processes in our own vulnerability disclosure and...
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses,...
Patch Tuesday - April 2017
This month's updates deliver vital client-side fixes, resolving publicly disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and Microsoft Office that attackers are already exploiting in the wild. In particular, they've patched the CVE-2017-0199 zero-day flaw in Office and...
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR users, who now had the capabilities of a SIEM, powered by user behavior analytics (UBA) and endpoint detection. Soon we started to roll...
New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster
Background Information: As part of the Nexpose 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report. Over the years, we've heard from our customers that the Top Remediations Report is one of...
Rapid7: Supporting the Community at BSides Boston
One of the things I love about working at Rapid7 is how deeply this company embodies the concept of giving back to the Security Community. Whether it be discussing research on adversary analytics, attack methods for breaking out of sandboxes, or simply breaking into the industry - Rapid7 encourag...
Introducing RubySMB: The Protocol Library Nobody Else Wanted To Write
The Server Message Block (SMB) protocol family is arguably one of the most important network protocols to be conversant in as a security professional. It carries the capability for File and Print Sharing, remote process execution, and an entire system of Named Pipes that serve as access points to a...
Metasploit, [REDACTED] Edition
Why should REDACTED have all the fun with spiffy codenames for their exploits? As of today, Metasploit is taking a page from REDACTED, and equipping all Metasploit modules with equally fear-and-awe-inspiring codenames. Sure, there are catchy names for vulnerabilities -- we remember you fondly,...
Cisco Enable / Privileged Exec Support
In Nexpose version 6.4.28, we are adding support for privilege elevation on Cisco devices through the enable command for those that are running SSH version 2. A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through enable...
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun Ask any pen tester what their top five penetration testing tools are for internal engagements, and you will likely get a reply containing nmap, Metasploit, CrackMapExec, SMBRelay and Responder. An essential tool for any whitehat, Responder is a Python...
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with Nexpose's web spider functionality. This check will be performed against any URIs discovered with the suffix ".action" (the default configuration for Apache Struts apps). To learn more about using this check, read this...
Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched
AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to resolve the vulnerability ca...
The CIS Critical Security Controls Explained - Control 2: Inventory of Authorized and Unauthorized Software
As I mentioned in our last post, the 20 critical controls are divided into System, Network, and Application families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,...
Under the Hoodie: Actionable Research from Penetration Testing Engagements
Today, we're excited to release Rapid7's latest research paper, Under the Hoodie: Actionable Research from Penetration Testing Engagements, by Bob Rudis, Andrew Whitaker, Tod Beardsley, with loads of input and help from the entire Rapid7 pentesting team. This paper covers the often occult art of...
Incident Detection and Investigation - How Math Helps But Is Not Enough
I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest in high school. I pursued a degree in engineering, so I can now more accurately say that I love applied mathematics, which have a much different goal than pure mathematics. Taking...
Nexpose Dimensional Data Warehouse and Reporting Data Model: What's the Difference?
The Data Warehouse Export recently added support for a Dimensional Model for its export schema. This provides a much more comprehensive, accessible, and scalable model of data than the previous (now referred to as "Legacy") model. The foundation for this dimensional model is the same as the Reporti...
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltratio...
Using CIS Controls To Stop Your Network From Falling in With the Wrong Crowd
Earlier this month Kyle Flaherty wrote a post on the Rapid7 Community Blog about how Rapid7 came out on top for coverage of the Center for Internet Security (CIS) Top 20 Security Controls. In light of recent DDoS events I'd like to take a little time to discuss at a high level what the controls are,...
Nexpose Now: Because Security Doesn't Wait
Attackers don't wait for your schedule; in fact, they try to take advantage of your windows of waiting, when you're biding your time waiting for a scan. Just think of your typical Patch Tuesday: when you walk in on Wednesday your vulnerability management solution has all the checks, but then you wait...
Nexpose Scan Engine on the AWS Marketplace
Rapid7 is excited to announce that you can now find a Nexpose Scan Engine AMI on the Amazon Web Services Marketplace, making it simple to deploy a pre-authorized Nexpose Scan Engine from the AWS Marketplace to scan your AWS assets! What is an AMI? An Amazon Machine Image (AMI) allows you to launch ...
R7-2015-27 and R7-2015-24: Fisher-Price Smart Toy® & hereO GPS Platform Vulnerabilities (FIXED)
Through our recent publication of numerous security issues of Internet-connected baby monitors, we were able to comprehensively raise awareness of the real-world risks facing those devices. Further, we were able to work with a number of vendors to get key security problems resolved, resulting in...
Use DHCP Discovery to Implement Critical Security Control #1
The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network: CSC 1: Inventory of Authorized and Unauthorized Devices Actively manage inventory, track, and correct all hardware devices on the network so that only...
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose: scan exporting and importing. We're looking to address a need in air-gap environments, where customers can have multiple consoles to address network partitioning. This approach is not without its warts. For example, if you have...
How do I get my data out of Nexpose? Answer: SQL Query Export
Do any of these questions sound familiar? "Printable reports are really valuable and I use them on a daily basis. However, is there a section that I can add to show a summary by asset group or site?" "I really like the XML format, but it's a little hard to process and I have to write code to...
Compromising Embedded Linux Routers with Metasploit
Normally we don't get a lot of contributions regarding embedded devices, even though they are an interesting target from the pentesting point of view, and it is usual to find them outside DMZ zones on corporate networks. Maybe it's because access to these devices, or to the software running on top of them, ...
Managing Your Nexpose Scan Engines through the API
Here's a walk-through of a Ruby script that uses the nexpose gem to add and configure your Nexpose Scan Engines. This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a group of shared Scan Engines that can be bound to a site so that the load is distributed evenly across the...