Should Security Teams Use CSP Nonces to Better Comply with PCI?
This week, tCell sponsored BSidesSF. Many things I’ve heard about the conference proved to be true, and the technical depth of conversations I had at our table was definitely enough to keep me on my toes. One of the most interesting conversations was with a company that wanted to talk about Content Security Policies (CSP). They had come to the conclusion that new revisions of the PCI security standards would require that they imple
Vulnerability Management
How to Remediate Vulnerabilities Across Multiple Offices
Your vulnerability scanner embarks
on its weekly scan. The report comes in, you fire it off to your IT team across
the country and...silence. Thinking they’re on it, you go on with your day,
until next week’s scan report comes in and you find out that not everything was
fixed and issues have progressed.
For companies with distributed offices, it can be tricky to communicate issues
to teammates you have limited facetime with, get things done quickly w
Public Policy
Georgia should not authorize "hack back"
Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto
statement, the Governor noted that the legislation raised "concerns regarding
national security implications and other potential ramifications," and that "SB
315 may inadvertently hinder the ability of government and private industries"
to protect against breaches. The statement expressed interest in working with
the cybersecurity and law enforcement communities on a new policy.
The Georgia state legislature recently pas
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
Metasploit Weekly Wrapup
Metasploit Wrapup 4/13/18
What's Your Favorite Security Site?
When you are browsing sites on the Internet, you may notice some sites will include your public IP address on their pages. But what if you came across a site that also showed your IP address from your private network range? This might be a little worrying, but before you run off you check to make sure the coast is cle
Threat Intel
Threat Intel Book Club: The Cuckoo's Egg wrap-up
Last week, Rebekah Brown and I wrapped up The Cuckoo’s Egg with book club readers around the world. Dig through some blog archives to get a sense of how this book club got started and what we’ve discussed so far. Below is a recap of
DevOps
How DevOps Can Use Quality Gates for Security Checks
Your team has been working at all hours to put the final touches on code for a
new big feature release. All the specs are in, the feature works as expected,
and the code is pushed to production. A few hours later, the daily security scan
runs and the alerts start piling in. What went wrong? And what do you do now?
Typically when this happens, it means rolling back the entire deployment,
retroactively fixing the bugs and vulnerabilities in the code, and a week or two
later, re-deploying. If you’
Patch Tuesday
Patch Tuesday - April 2018
Over 70 vulnerabilities have been fixed this month, including 6 in Adobe Flash (APSB18-08).
At a high level, there's nothing too out of the ordinary. Unfortunately, that
means the majority of the patched vulnerabilities are once ag
Vulnerability Disclosure
Shoring Up the Defenses Together: 2018Q1 Wrap-Up
Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed
in Rapid7 products and supporting services. You won’t need to take any actions:
all of the issues have been addressed. We are disclosing these vulnerabilities
in order to be transparent, to thank those that take the time to report security
issues responsibly, and to provide a few reminders of security concerns that you
should audit for in your own organization.
Dynamically-generated web server access policies
Generat
CIS Controls
CIS Critical Security Control 13: Data Protection Explained
This is a continuation of our CIS critical security controls blog series.
Data protection is one of the cornerstones of a solid security program, and it
is a critical function of the CIA Triad of Confidentiality, Integrity, and
Availability. Data protection, as characterized by Critical Control 13, is
essentially secure data management. What do we mean by that?
What is CIS Critical Security Control 13?
Secure data management encompasses c
Metasploit Weekly Wrapup
Metasploit Wrapup 4/7/18
Mobile Moose
This week marked the beginning of our time in the new office. Everything got
packed up and moved: computers, chairs, Rudy’s cups, and odd soy sauce packets
in the back of the drawers. One consequence of moving to downtown Austin is that
the lunch debates take longer, with flame wars about both the best tacos and the
best barbecue.
Metasploit: Now With More Snakes!
@shellfail doubled down this wrapup; way back in
March, he wrote a guide to writing P
Metasploit Weekly Wrapup
Metasploit Wrapup 4/2/18
Spring has come again to Austin, TX, home of the Rapid7 Metasploit team. While
the season here brings pollen and allergies, it also brings fields full of
bluebonnets and folks taking pictures before they all disappear. Let's celebrate
by looking at what's popped up in Metasploit this week.
New Data Model
Last week, we landed the beginning of a new backend service for Metasploit,
dubbed 'Goliath', which creates a new abstraction between Metasploit Framework
and how it interacts with the databa
CIS Controls
CIS Critical Control 12: Boundary Defense Explained
This blog is a continuation of our blog series on the CIS Critical Controls.
Key Principle: Detect/prevent/correct the flow of information transferring
networks of different trust levels with a focus on security-damaging data.
What Is It?
Boundary defense is control 12 of the CIS Critical Controls and is part of the ne
Rapid7 Perspective
Actually, Grindr is Fine: FUD and Security Reporting
On Wednesday, March 28, NBC reported Grindr security flaws expose users' location data, a story which ticks a couple of hot-button topics for security professionals and security reporters alike. It’s centered around the salacious topic of online dating in the LGBT community, and hits a personal safety concern for people using the app everywhere, not to mention the possibility of outing
Vulnerability Management
Cisco Smart Install (SMI) Remote Code Execution
What You Need To Know
Researchers from Embedi discovered (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication.
Cisco Smart Install (SMI) is a “plug-and-play” configuration and
image-management feature that provides zero-touch deployment