Last updated at Thu, 10 Aug 2023 21:13:10 GMT
The past few weeks have been extraordinary for the global threat landscape, with zero-day vulnerabilities like MOVEit (CVE-2023-34362) and Barracuda’s Email Security Gateway (ESG) (CVE-2023-2868). Rapid7’s security research team was one of the first to detect exploitation of Progress Software’s MOVEit Transfer solution—four days before the vendor issued a public advisory. From there, the team moved quickly to provide prompt remediation guidance to InsightVM and Nexpose customers.
With a continued focus on driving better customer outcomes, this quarter is filled with product upgrades like an improved UI for the Console, custom policy support for Agent-Based assessment, an updated dashboard card, and more. Let’s take a look at some of the key updates in InsightVM and Nexpose from Q2.
[InsightVM] Agent-Based Policy supports custom policy assessment
Guidelines from the Center for Internet Security (CIS) and Security Technical Implementation Guides (STIGs) are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline alone may not meet the unique needs of every business.
So, Agent-Based Policy assessment now supports Custom Policies. Global Administrators can customize built-in policies, upload their own policies, or enable a copy of an existing custom policy for agent-based assessments. Learn more here.
[InsightVM] Top Riskiest Asset Locations dashboard card provides even more details
The Top Riskiest Asset Locations dashboard card previously showed only the site location and risk score. At customer request, the card was enhanced to also include total assets and total vulnerabilities in the card preview. This gives customers additional context on why a location has a large risk score and helps alert users to sites that require additional attention.
[InsightVM and Nexpose] A new look for the Users section of the Console Administration
This quarter, we also continued updating the user interface (UI) of the Console Administration to facilitate a more intuitive and consistent user experience across the Console and the Insight Platform, including InsightVM.
The latest section to be updated is the Users section of the Console Administration. The update improves accessibility and the overall user experience of the Users page. We also made some cool new additions like light mode, a wizard that makes adding new users under the “Add Users” section more intuitive, and the ability to manage which columns are displayed on the Users overview section.
[InsightVM and Nexpose] Support for Ubuntu 22.04 LTS
Security Console and Scan Engine now support Ubuntu 22.04 Operating System. Ubuntu is one of the most popular Linux distributions. Version 22.04 of Ubuntu will receive long term support from the vendor for hardware and maintenance updates as well as extended security maintenance. Customers on the previous versions of Ubuntu can now upgrade to 22.04!
[InsightVM and Nexpose] Containerized scan engine - continuous release
Containerized Scan Engine delivers the Scan Engine as a packaged or portable application that can easily be deployed to modern infrastructure. Now a new Containerized Engine image is automatically created and posted to Docker Hub with every InsightVM Product or Content update. This ensures you’re continuously working with the latest release. Prior versions are also available, denoted by tag. Learn more about containerized scan engines.
[InsightVM and Insight Platform] New retention setting for tracking Insight Agents
You can now configure the retention period that determines how long Insight Agents are tracked in your Agents table. In addition to the default 30-day period, this new setting allows you to set retention periods of 7 or 15 days. See our updated Agent management settings documentation for configuration instructions and more details.
[InsightVM and Nexpose] Checks for notable vulnerabilities
We have been committed to providing swift coverage for the emergent threats Rapid7 responds to under our Emergent Threat Response (ETR) program. Since Q4 2022, we have provided coverage the same day or within 24 hours for over 20 emergent threats, including zero-day vulnerabilities.
Rapid7’s Emergent Threat Response (ETR) program flagged multiple CVEs this quarter. InsightVM and Nexpose customers can assess their exposure to many of these CVEs with vulnerability checks, including:
- MOVEit Transfer solution CVE-2023-34362: Rapid7’s research team saw the first instances of compromise in Progress Software’s MOVEit Transfer solution four days before the vendor issued a public advisory. Since then, our team has been tracking this critical zero-day vulnerability. Rapid7 has remote and authenticated vulnerability checks available to InsightVM and Nexpose customers for both MOVEit Transfer vulnerabilities. Learn more here.
- Widespread Exploitation of Zyxel Network Devices CVE-2023-28771: Added to the Known Exploited Vulnerabilities (KEV) list by CISA, this vulnerability impacted Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable on the Wide Area Network (WAN) interface, which is intended to be exposed to the internet. Learn more about Rapid7’s response here.
- PaperCut Remote Code Execution Vulnerability CVE-2023-27350: an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. InsightVM customers have an authenticated check available for the CVE on Windows and macOS systems. Learn more about Rapid7’s response here.
- Barracuda ESG Appliances CVE-2023-2868: The Email Security Gateway (ESG) appliances of Barracuda Networks were impacted by a remote command injection vulnerability that the firm said had been exploited in the wild by threat actors since at least October 2022. Learn more about the CVE and mitigation guidance here.
- Fortinet’s Fortigate Firewall CVE-2023-27997: A critical remote code execution (RCE) vulnerability was discovered in Fortigate SSL VPN firewalls. Fortinet device vulnerabilities are historically popular with attackers of all skill levels, though exploitability varies on a vuln-by-vuln basis. An authenticated vulnerability check is available for Rapid7 customers to assess their exposure. Learn more here.