1 min
Nexpose
The Easy Button for Updating your Nexpose Database
Relax while Nexpose does the work for you
You may have received notifications that you need to update your Nexpose
database soon in order to continue receiving product updates. You may have been
putting it off because it sounds like a pain.
Good news: it's simple!
Have you seen the Staples commercials with the “easy button?” Nexpose basically
has that for the update. You don't have to go in to your database and mess
around with an upgrade wizard. Nexpose handles all that for you. All you ha
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed]
CVE-2015-0235 and its risks
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed].
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update
3 min
Vulnerability Disclosure
POODLE Jr.: The Revenge - How to scan for CVE-2014-8730
A severe vulnerability was disclosed in the F5 implementation of TLS 1.x that
allows incorrect padding and therefore jeopardizes the protocol's ability to
secure communications in a way similar to the POODLE vulnerability
[/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability].
The Nexpose 5.11.10 update provides coverage for this vulnerability, which has
been given the identifier CVE-2014-8730
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730]. Learn more
about CVE-2
3 min
Vulnerability Disclosure
Block the POODLE's bite: How to scan for CVE-2014-3566
A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly
jeopardizes the protocol's ability to secure communications. All versions of SSL
have been deprecated and its use should be avoided wherever possible. POODLE
(Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits
this vulnerability and allows a hacker to potentially steal information by
altering communications between the SSL client and the server (MitM). Learn
more
about CVE-2014-3566
[/2014/10
3 min
Vulnerability Disclosure
Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)
_[Edited 10:05 AM PDT, October, 2014 for the Nexpose 5.10.13 release]_
[Edited 10:05 AM PDT, September 26, 2014 for the Nexpose 5.10.11 release]
A severe vulnerability was disclosed in bash that is present on most Linux, BSD,
and Unix-like systems, including Mac OS X. The basis of this vulnerability
(nicknamed Shellshock) is that bash does not stop processing after the function
definition, leaving it vulnerable to malicious functions containing trailing
commands. Common Vulnerabilities and Exp
2 min
Scanning time machine: Reporting on a historical scan
In network security, the questions are urgent. Are we protected against malware?
Do we have protocols in place to prevent a hacker from breaking in?
Sometimes, however, you need to look back in time and see what the status was in
the past.
If you have been tracking a vulnerability and it finally goes away, you might
want to check the information in a past scan and compare it to changes in your
environment.
Another reason you might want to report on a historical scan is an audit. If you
are re