5 min
Cybersecurity
NCSAM Security Crash Diet, Week 1: Maintenance
One of Rapid7's employees tries a month of different 'security diets' in the spirit of National Cyber Security Awareness Month. Week one highlights the importance of maintenance.
8 min
Vulnerability Management
No-Priority, Post-Auth Vulnerabilities
In the course of collecting and disclosing vulnerabilities, I occasionally come
across an issue that walks like a vuln, quacks like a vuln, but… it’s not
exactly a vuln. As per our usual vulnerability disclosure process
, we still report these issues to
vendors. The behavior observed is nearly always a bug of some sort, but it’s not
immediately exploitable, or the “exploit” is merely exercising the expected
level of privilege, but in an unexpected con
6 min
Vulnerability Disclosure
Vulnerabilities Affecting Four Rapid7 Products (FIXED)
Today we are announcing four fixed vulnerabilities in four Rapid7 products,
summarized in the table below. These issues are low to medium severity (mostly
due to the high exploitation requirements), but we want to make sure that our
customers have all the information they need to make informed security
decisions. This article includes detailed descriptions of the vulnerabilities,
as well as how to ensure they are mitigated in your environment. Some of the
updates are automatic, but some may requ
3 min
Komand
SOC Series: How to Choose the Right Skills for Your SOC
Do you have the right mix of skills in your security operations center (SOC)
? Whether your
SOC is brand new or has been around for years, you need to be sure it’s built to
meet the demands of today’s complex security landscape.
In this post, we’ll define the most important skills any SOC should have today
so you can be sure to have the right mix of people to safeguard your business.
Effective Team and Communication Skills
Regard
3 min
Automation and Orchestration
How to Password Protect Apache Directories with mod_authn_dbd and MySQL on Ubuntu Linux
Synopsis
The mod_authn_dbd is an Apache module that provides the functionality for Apache
to authenticate users with MySQL database. This module provides authentication
front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by
looking up users in MySQL tables. Apache’s mod_authn_dbd supports a wide range
of drivers such as, ODBC, MSSQL, SyBase, MySQL, Oracle, PostgreSQL and SQLite.
This module allows execution of arbitrary SQL for user / password matching and
also support al
3 min
Automation and Orchestration
How To Secure Apache with Let's Encrypt on Ubuntu Linux
Synopsis
Improving your website security has generally been most complicated and
expensive task for every Linux administrator. Let’s Encrypt is a free,
automated, and open certificate authority that provides free X.509 certificates
for Transport Layer Security encryption via an automated process. It is very
complex process to install and add an SSL certificate to a web server. You can
make it easier with the help of Let’s Encrypt. You can easily encrypt data
4 min
Automation and Orchestration
How to Secure SSH Server using Port Knocking on Ubuntu Linux
Synopsis
Port Knocking is a method used to secure your port access from unauthorised
users. Port Knocking works by opening ports on a firewall by generating a
connection attempt on a set of prespecified closed ports. Once a correct
sequence of connection attempts is received, the firewall will open the port
that was previously closed. The main purpose of port knocking is to defend
yourself against port scanners. Changing your default ssh port is not a secure
method to protect your server, becaus
3 min
Automation and Orchestration
How to Secure MySQL Server on Ubuntu Linux
Synopsis
Now a day database server is very critical and necessary component for any
applications. Databases can be found in everything from web applications, web
server to smartphones and other devices. Most of software applications rely on a
database to store its data. This is the reason why databases are the number one
target of any attackers. Among all the databases MySQL and MariaDB has become
the world’s most popular open source database due to its fast performance, high
reliability and eas
3 min
Rapid7 Perspective
NCSAM: A Personal Security Crash Diet
We're kicking of National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.
11 min
Research
Building a Backpack Hypervisor
Researcher, engineer, and Metasploit contributor Brendan Watters shares his experience building a backpack-size hypervisor.
2 min
Managed Detection and Response (MDR)
Rapid7 and NISC work together to help customers with detection and response
Rapid7 and NISC will work together to provide Managed Detection and Response (MDR) services to the NISC member base, powered by the Rapid7 Insight platform and Rapid7 Security Operation Centers (SOCs.)
1 min
InsightIDR
Want to try InsightIDR in Your Environment? Free Trial Now Available
InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.
5 min
Exploits
macOS Keychain Security : What You Need To Know
If you follow the infosec twitterverse or have been keeping an eye on macOS news
sites, you’ve likely seen a tweet
(with accompanying
video) from Patrick Wardle (@patrickwardle )
that purports to demonstrate dumping and exfiltration of something called the
“keychain” without an associated privilege escalation prompt. Patrick also has a
more in-depth Q&A blog post
9 min
InsightOps
3 Core Responsibilities for the Modern IT Operations Manager
In the good old days, IT operations
managers were responsible for
maintaining the infrastructure, meeting service levels agreements, sticking to
budget, and keeping employees happy. Life was not easy, but at least it was
familiar. You knew your hardware, your software, your employees. You determined
services levels based on what you could actually see and touch. You told people
what to do and they did it. While IT was perceived to be an expensive
8 min
Vulnerability Disclosure
Multiple vulnerabilities in Wink and Insteon smart home systems
Today we are announcing four issues affecting two popular home automation
solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive
credentials securely on their associated Android apps. In addition, the Wink
cloud-based management API does not properly expire and revoke authentication
tokens, and the Insteon Hub uses an unencrypted radio transmission protocol for
potentially sensitive security controls such as garage door locks.
As most of these issues have not yet been addres