2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sep. 22, 2017
To celebrate this first day of Autumn, we've got a potpourri of "things
Metasploit" for you this week. And it might smell a bit like "pumpkin spice"...
Or it might not. Who knows?
Winter is Coming
If you're looking to finish filling your storehouse before the cold sets in,
we've got a couple of new gatherer modules to help. This new Linux post module
can locate and pull TOR hostname and private key files for TOR hidden
4 min
Introducing Web Server Agents
We at tCell are excited to announce the availability of tCell’s Web Server Agent
(WSA). The WSA joins our stable of agents for JavaScript, Java, Ruby, Python,
Node.js, and .Net, extending our monitoring and protection capabilities to
common web servers (NGINX is available now, and we’re accepting requests to join
the tech preview for Apache and IIS.)
But first, why this move? For that, I’ll need to take you back a few years, when
people were All About that Bass and yelling “Timber”.
In the
7 min
Research
Cisco Smart Install Exposure
Cisco Smart Install (SMI) provides configuration and image management
capabilities for Cisco switches. Cisco’s SMI documentation goes into more
detail than we’ll be touching on in this post, but the short
version is that SMI leverages a combination of DHCP, TFTP and a proprietary TCP
protocol to allow organizations to deploy and manage Cisco switches. Using SMI
yields a number of be
4 min
InsightIDR
PCI DSS Dashboards in InsightIDR: New Pre-Built Cards
No matter how much you mature your security program and reduce the risk of a
breach, your life includes the need to report across the company, and
periodically, to auditors. We want to make that part as easy as possible.
We built InsightIDR as a SaaS SIEM on top of our proven User Behavior
Analytics (UBA)
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Sept. 15, 2017
It's been a hot minute since the last Metasploit Wrapup. So why not take in our
snazzy new Rapid7 blog makeover and catch up on what's been goin' down!
You can't spell 'Struts' without 'trust'
Or perhaps you can! With all the current news coverage around an Apache
Struts vulnerability from earlier this year (thanks to its involvement in a
consumer credit reporting agency data breach), there's a new
Struts vuln
4 min
Events
UNITED Summit: Day 2
After a jam-packed day one of Rapid7’s UNITED Summit, the UNITED running club
started the day bright and early yet again.
The rest of us opened UNITED day two with a fireside chat hosted by Jen Ellis,
Rapid7 VP of Community and Public Affairs, and a slew of prominent security
commentators: Lares founder Chris Nickerson, Mach37 Cyber’s
man
2 min
Detection and Response
The Legal Perspective of a Data Breach
The following is a guest post by Christopher Hart, an attorney at Foley Hoag and
a member of Foley Hoag’s cybersecurity incident response team. This is not meant
to constitute legal advice; instead, Chris offers helpful guidance for building
an incident preparation and breach response framework in your own organization.
A data breach is a business crisis that requires both a quick and a careful
response. From my perspective as a lawyer, I want to provide the best advice and
assistance I possibl
23 min
Komand
An Interview with Rebekah Brown, Co-Author of Intelligence-Driven Incident Response
We recently interviewed Rebekah Brown for our Defender Spotlight series on the
topic of her life as a cybersecurity defender. When we spoke with her, she
also talked in-depth
about how threat intelligence can inform and improve the incident response
lifecycle.
Rebekah practices these concepts in her day-to-day life as a defender, and she’s
even co-authored a book on this very topic called Intelligence-Driven Incident
Response
3 min
Nexpose
AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan
AWS instances present many challenges to security practitioners, who must manage
the spikes and dips of resources in infrastructures that deal in very
short-lived assets. Better and more accurate syncing of when instances are spun
up or down, altered, or terminated directly impacts the quality of security
data.
A New Discovery Connection
Today we’re excited to announce better integration between the Security Console
and Amazon Web Services with the new Amazon Web Services Asset Sync discovery
c
1 min
Patch Tuesday
Patch Tuesday - September 2017
It's a big month, with Microsoft patching 85 separate vulnerabilities
including the two Adobe Flash Player Remote Code Execution (RCE) fixes bundled
with the Edge and Internet Explorer 11 updates. Continuing recent trends, the
bulk of Critical RCE vulnerabilities are client-side,
primarily in Edge, IE,
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement describes an XML
Deserialization issue in the popular Java framework for web applications.
Deserialization of untrusted user input, also known as CWE-502, is a somewhat
well-known vulnerability pattern, and I would expect crimeware kits to
4 min
Government
Cybersecurity for NAFTA
When the North American Free Trade Agreement (NAFTA) was originally negotiated,
cybersecurity was not a central focus. NAFTA came into force – removing
obstacles to commercial trade activity between the US, Canada, and Mexico – in
1994, well before most digital services existed. Today, cybersecurity is a major
economic force – itself a large industry and important source of jobs, as well
as an enabler of broader economic health by reducing risk and uncertainty for
businesses. Going forward, cybe
3 min
Automation and Orchestration
RSA (Rivest, Shamir and Adleman)
Synopsis
Rivest, Shamir & Adleman (RSA) is a public-key cryptosystem used to secure
data transmission. The letters “RSA” are the initials of the inventors of the
system. Four steps are incorporated in this algorithm:
Encryption, Decryption, Key Distribution and Key Generation. After the
development of public-key cryptography, the most famous cryptosystem in the
world is RSA. In order to maintain proper security, the decryption exponent of
RSA must be greater than cer
3 min
Automation and Orchestration
What is Data Encryption Standard (DES)?
Synopsis
The Data Encryption Standard (DES) is a symmetric-key method of encrypting
data. It was prepared by an IBM team in 1974 and declared a national
standard in 1977. Government was also using cryptography, especially in
diplomatic communication and military. Without cryptography it’s difficult to
interpret military communication. Cryptography was also used in commercial
sector. Federal Information Processing Standard (FIPS) was also working on DES.
FIPS was integrated with comput
4 min
Komand
How to Use Your Threat Model as a Guidepost for Security
The threats you face are unique to your company's size, industry, customer base,
and many other factors. So your approach to protecting your
organization's digital data should be unique, too.
In this post, we’ll cover a framework to develop an effective threat model that
fits your organization's unique needs.
The Factors that Determine Your Unique Threat Model
There are many factors that can determine your threat model. And while this will
vary from company to company, we've identified th