4 min
CVE-2017-16943: Exim BDAT Use-After-Free
Exim BDAT Use-After-Free (CVE-2017-16943): What You Need To Know
Turns out, the Exim Internet Mailer team was busy over the Thanksgiving holiday,
after security researcher “meh” reported a pair of vulnerabilities in the wildly
popular open source email server. The first, a critical remote code execution
vulnerability, is a use-after-free (UAF) bug, dubbed CVE-2017-16943
3 min
InsightIDR
InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools aren’t just for
compliance and post-breach investigations. Advanced analytics, such as user
behavior analytics, are now core to SIEM to help teams find the needles in their
ever-growing data stacks. That means in order for project success, the right
data sources need to be connected: “If a log falls in a forest and no parser
hears it, the SIEM hath no sound.”
We’ve included endpoint visibility in InsightIDR since the beginning—it’
2 min
Detection and Response
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.
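The check the post title describes, carried out over firewall log lines, as an added example that is not code from the original post. It assumes iptables/netfilter-style LOG lines (the sample lines are constructed), counts only bare SYNs (a SYN/ACK is the server's reply, not a new connection attempt), and measures the peak number of SYNs each source sends within a sliding window; the window and threshold values are assumptions to tune for your own traffic.

```python
"""Per-source SYN rate from firewall log lines (added example; log format and
thresholds are assumptions, sample lines are constructed)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# iptables/netfilter-style LOG line. We need the syslog timestamp, SRC, DST,
# PROTO=TCP, DPT and whatever follows DPT (where the TCP flags are printed).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r".*?PROTO=TCP .*?DPT=(?P<dport>\d+)(?P<rest>.*)$"
)

# Constructed sample: one source fires 30 SYNs within a single second, a normal
# client opens three connections over several seconds, the server's SYN/ACK
# reply is logged too, and a UDP line is mixed in.
SAMPLE_LOG = [
    f"Nov 20 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 "
    f"PROTO=TCP SPT={40000 + i} DPT=443 WINDOW=1024 SYN URGP=0"
    for i in range(30)
] + [
    "Nov 20 10:00:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=TCP SPT=5001 DPT=443 WINDOW=65535 SYN URGP=0",
    "Nov 20 10:00:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=TCP SPT=5002 DPT=443 WINDOW=65535 SYN URGP=0",
    "Nov 20 10:00:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=TCP SPT=5003 DPT=443 WINDOW=65535 SYN URGP=0",
    # SYN/ACK from the server: a reply, not a new connection attempt, must be ignored
    "Nov 20 10:00:04 fw kernel: IN=eth1 OUT= SRC=198.51.100.10 DST=192.0.2.7 PROTO=TCP SPT=443 DPT=5003 WINDOW=29200 ACK SYN URGP=0",
    # UDP: no SYN flag at all, ignored by the parser
    "Nov 20 10:00:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.10 PROTO=UDP SPT=5004 DPT=53 LEN=40",
]


def parse_syn_events(lines):
    """Return (timestamp, src, dst, dport) for every bare-SYN TCP line, sorted by time."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        # Count new connection attempts only: SYN set, ACK clear.
        if not re.search(r"\bSYN\b", rest) or re.search(r"\bACK\b", rest):
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less syslog stamp
        events.append((ts, m.group("src"), m.group("dst"), int(m.group("dport"))))
    events.sort(key=lambda e: e[0])
    return events


def peak_syn_rate(events, window_seconds=1):
    """Per source IP, the largest number of SYNs seen in any window_seconds-long sliding window."""
    peaks = defaultdict(int)
    windows = defaultdict(deque)
    for ts, src, _dst, _dport in events:
        q = windows[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()  # drop SYNs that have aged out of the window
        peaks[src] = max(peaks[src], len(q))
    return dict(peaks)


def flag_sources(lines, window_seconds=1, threshold=20):
    """Sources whose peak SYN rate exceeds threshold per window (threshold is an assumption)."""
    peaks = peak_syn_rate(parse_syn_events(lines), window_seconds)
    return sorted(src for src, n in peaks.items() if n > threshold)


if __name__ == "__main__":
    for src, n in sorted(peak_syn_rate(parse_syn_events(SAMPLE_LOG)).items()):
        print(f"{src}: peak {n} SYN/s")
    print("flagged:", flag_sources(SAMPLE_LOG))
```

A single source far above the rest, as here, points at one noisy client or scanner and is easy to block or rate-limit at the edge; many sources each just under the threshold is the pattern you would expect from a distributed flood, and the per-source peak alone will not show it, so also compare the total SYN count against the number of connections that actually complete.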
5 min
Log Management
3 Steps to Building an Effective Log Management Policy
You’re on Call Duty. You’re awoken in the middle of the night by your cell phone
in the throes of an SMS frenzy. You’re getting hundreds of messages from your
company’s logging service: a record is being written to a database, code is
being executed, a new container is being spun up, and on and on. None of these
messages matter to you. You just turn off your phone and go back to sleep.
The next day you go into the office only to find out that half the racks in your
datacenter went offline durin
5 min
Vulnerability Management
INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
INTEL-SA-00086 vulnerabilities? What’s Up?
(Full update log at the end of the post as we make changes.)
Intel decided to talk turkey this week about a cornucopia of vulnerabilities
that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy
from Positive Technologies Research — discovered in their chips. Yes: chips.
Intel conducted a comprehensive review of their Intel® Management Engine
4 min
Vulnerability Management
The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know
JoltandBleed vulnerabilities? What’s Up?
Oracle recently issued emergency patches for five vulnerabilities:
* CVE-2017-10272 is a memory disclosure vulnerability; exploiting it lets an
attacker remotely read the server's memory.
* CVE-2017-10267 is a stack overflow vulnerability.
* CVE-2017-10278 is a heap overflow vulnerability.
* CVE-2017-10266 is a vulnerability that makes it possible for a malicious
actor to brute-force the DomainPWD password, which i
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Nov. 17, 2017
This is a time of year when many folks in the U.S. reflect on things in their
lives that they are thankful for. There’s also usually a turkey involved, but we
figured we’d pardon the bird this wrapup and just focus on things we Metasploit
folks here at Rapid7 are thankful for.
Community Contributors
We are SUPER THANKFUL for our community contributors
an
2 min
Public Policy
Welcome transparency on US government's process for disclosing vulnerabilities
The White House recently released details on the US government's process for disclosing - or retaining - zero-day vulnerabilities. The new VEP charter provides answers to several key questions, but it remains to be seen how it will operate in practice.
3 min
Deploying CSP Properly
Browser makers began implementing the Content Security Policy (CSP)
specification back in 2011. Since then, many development teams and organizations
have adopted CSP wholeheartedly to try to thwart XSS attacks, but it seems the
effort may have been wasted for the majority.
To analyze recent CSP adoption, Google performed an Internet-wide analysis
on a search engine corpus of approximately 100 billion pages from over 1 billion
hostnames; the result covers CSP deployments on 1,680,867 hos
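A policy audit of the kind that analysis depends on, as an added example: this is not code from the original post nor from Google's study, and the policy strings below are constructed. It parses a Content-Security-Policy header value and reports the conditions under which the policy does not stop an injected script: 'unsafe-inline' with no nonce or hash to override it, scheme-wide or wildcard-subdomain script sources, no script-src or default-src at all, and no object-src. It deliberately does not judge individual allowlisted hosts (a JSONP endpoint on an allowed host is a bypass this code cannot see), and it applies the spec rules that a nonce or hash disables 'unsafe-inline' and that 'strict-dynamic' disables host and scheme sources.

```python
"""Audit a CSP header value for common XSS-relevant weaknesses (added example;
sample policies are constructed)."""
import re

# A nonce or hash source; its presence makes 'unsafe-inline' a no-op in CSP2+ browsers.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)")

# Constructed sample policies.
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src *"
STRICT_POLICY = ("object-src 'none'; script-src 'nonce-Rg6w2Lz' 'strict-dynamic' "
                 "'unsafe-inline' https: http:; base-uri 'none'")
NO_SCRIPT_POLICY = "img-src *; style-src 'self'"
WILDCARD_POLICY = "script-src 'self' https://*.cdn.example 'unsafe-eval'"


def parse_csp(header):
    """Parse a header value into {directive-name: [source tokens]}.
    Directives are ';'-separated; only the first occurrence of a name is honoured."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if not parts:
            continue
        policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def script_sources(policy):
    """The source list governing <script>: script-src, else default-src, else None."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def audit_csp(header):
    """Return a list of human-readable findings; an empty list means no weakness was detected."""
    policy = parse_csp(header)
    sources = script_sources(policy)
    if sources is None:
        return ["no script-src and no default-src: script execution is unrestricted"]

    findings = []
    low = [s.lower() for s in sources]
    has_nonce_or_hash = any(NONCE_OR_HASH.match(s) for s in low)
    strict_dynamic = "'strict-dynamic'" in low

    # 'unsafe-inline' is ignored once a nonce or hash is present, so it is only a
    # hole when it stands alone (then any injected inline <script> runs).
    if "'unsafe-inline'" in low and not has_nonce_or_hash:
        findings.append("'unsafe-inline' in script sources without a nonce or hash: "
                        "injected inline <script> runs")
    if "'unsafe-eval'" in low:
        findings.append("'unsafe-eval' allows eval()/Function() on attacker-controlled strings")

    # With 'strict-dynamic' in effect, host and scheme sources are ignored by
    # supporting browsers, so only audit them for host-allowlist policies.
    if not strict_dynamic:
        for s in low:
            if s == "*" or s in ("http:", "https:", "data:"):
                findings.append(f"{s} allows scripts from any origin of that scheme")
            elif re.match(r"^(https?://)?\*\.", s):
                findings.append(f"{s} allows scripts from every subdomain; "
                                "one attacker-controlled subdomain bypasses the policy")

    # Without object-src (or a default-src to fall back on) plugin content is
    # unrestricted, which is another way to get script running.
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("no object-src and no default-src: plugin-based script "
                        "injection is unrestricted")
    return findings


if __name__ == "__main__":
    for name, header in [("weak", WEAK_POLICY), ("strict", STRICT_POLICY),
                         ("no-script", NO_SCRIPT_POLICY), ("wildcard", WILDCARD_POLICY)]:
        print(name, "->", audit_csp(header) or "no findings")
```

Run against a real site, feed it the header value from the response (or the content attribute of a `<meta http-equiv="Content-Security-Policy">` tag); the nonce-plus-'strict-dynamic' shape of STRICT_POLICY is the one that comes out clean, with 'unsafe-inline' and the scheme sources left in only as a fallback for older browsers that ignore nonces.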
4 min
Threat Intel
Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017
John Archibald Wheeler, the theoretical physicist who first coined the term
“wormhole” (and therefore brought us Deep Space 9) once listed Albert Einstein’s
Three Rules of Work:
> Out of clutter find simplicity; from discord find harmony; in the middle of
difficulty lies opportunity.
These rules seemed fitting for our third quarter threat report. Q3 brought
us plenty of clutter, discord, and difficulty, but in this threat repo
1 min
Patch Tuesday
Patch Tuesday - November 2017
Web browser issues account for two thirds of this month's patched
vulnerabilities, with 24 CVEs for Edge and 12 for Internet Explorer being fixed.
Many of these are classified as Critical (allowing code execution without user
interaction). This is no surprise, as browser bugs are typically well
represented on Patch Tuesdays. On top of this are five Adobe Flash Player
vulnerabilitie
2 min
Application Security
Takeaways from 2017 SANS State of Application Security Survey
The training and research organization SANS recently released their 2017 State
of Application Security survey results. The new report shows that now, more
than ever, organizations need to invest in solutions that automate application
security testing in order to reap benefits like:
* Identifying security vulnerabilities earlier in the development cycle, when
they’re cheaper to fix.
* Reduced friction between Security and Development
3 min
GDPR
GDPR Preparation: November – Form & Storm
With just over six months to go until the General Data Protection Regulation
(GDPR) comes into force, organizations that handle the personal data of EU
citizens are preparing for this new compliance regulation. If you’ve not gotten
started yet, or your plans are still in their infancy, we’re creating a series
of helpful blog posts to see you through to May 25th 2018.
With holiday season fast approaching in many parts of the world, getting you
4 min
Penetration Testing
Metasploit MinRID Option
We’ve added a new option to the smb_lookupsid Metasploit module. You can
now specify your starting RID.
Wait, What Does This Module Do Again?
As a penetration tester, one of the first things I try to do on an internal
network is enumerate all of the domain users so that I can perform login attacks
against them. It would be a noteworthy risk if we could do that anonymously,
because that means that any malicious actor who can
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Nov. 11, 2017
Metasploit kicked November off to a roaring start with a wholesome dose of RCE,
LPE, command injection, DoS, and more fixes/improvements.
So many file choosers…but which one to choose?
Big ups to @RootUP for the DoS module targeting a vulnerability in IBM’s Lotus
Notes client (CVE-2017-1130). The DoS module targets the web interface via
malicious JavaScript (😱). An enterprising ‘sploiter can s