17 min
Vulnerability Disclosure
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary
In October of 2016, former Rapid7 researcher Phil Bosco
discovered a number of relatively low-risk
vulnerabilities and issues involving home security systems that are common
throughout the United States, and which have significant WiFi or Ethernet
capabilities. The three systems tested were offerings from Comcast XFINITY, ADT,
and AT&T Digital Life, and the issues discovered ranged from an apparent "fail
open" condition on the external door and
4 min
Ransomware
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available
in Metasploit for testing your compensating controls and validating
remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also
removed steps 5 and 6 from scan instructions as they were not strictly necessary
and causing issues for some customers.
*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts
that ar
6 min
Ransomware
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file
sharing protocol. It spreads to unpatched devices directly connected to the
internet and, once inside an organization, those machines and devices behind the
firew
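Both this teaser and the "Scanning and Remediating WannaCry/MS17-010" one above are about finding hosts that still expose SMBv1 on TCP/445. As an added example (not code from the Rapid7 posts), here is a minimal Python probe that sends one SMB_COM_NEGOTIATE offering only the NT LM 0.12 dialect and classifies the reply. The target host, the timeout and the constructed sample reply are assumptions; an "smb1" verdict only means the host still speaks SMBv1, it does not prove MS17-010 is unpatched, so treat it as an exposure indicator that feeds patching and port-445 blocking, not as a vulnerability finding.

```python
"""SMBv1 exposure probe (added illustration, not Rapid7's scan logic).
An 'smb1' verdict means the host still negotiates SMBv1, the protocol
family the MS17-010 bugs live in; it does NOT confirm the patch is missing."""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
NT_LM_012 = b"NT LM 0.12"
HEADER_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian


def _smb1_header(command, flags):
    # protocol, command, NT status, flags, flags2 (unicode|NT status|ext sec|
    # long names|signing), PID high, signature, reserved, TID, PID low, UID, MID
    return struct.pack(HEADER_FMT, SMB1_MAGIC, command, 0, flags, 0xC853,
                       0, b"\x00" * 8, 0, 0xFFFF, 0xFEFF, 0, 0)


def build_negotiate(dialects=(NT_LM_012,)):
    """NetBIOS-framed SMB_COM_NEGOTIATE: WordCount 0, then the dialect list
    as 0x02-prefixed, NUL-terminated strings."""
    dialect_bytes = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    smb = (_smb1_header(SMB_COM_NEGOTIATE, 0x18)
           + struct.pack("<BH", 0, len(dialect_bytes)) + dialect_bytes)
    return struct.pack(">I", len(smb)) + smb   # 0x00 type byte + 24-bit length


def parse_negotiate_response(data):
    """Classify a raw reply: 'smb1', 'smb1-no-dialect', 'smb2' or 'error'."""
    if len(data) < 4:
        return {"verdict": "error", "reason": "short NetBIOS header"}
    nb_len = struct.unpack(">I", data[:4])[0] & 0x00FFFFFF
    smb = data[4:4 + nb_len]
    if smb[:4] == SMB2_MAGIC:
        return {"verdict": "smb2", "reason": "server answered with an SMB2 header"}
    if len(smb) < 35 or smb[:4] != SMB1_MAGIC:
        return {"verdict": "error", "reason": "not an SMBv1 message"}
    command, status = struct.unpack_from("<BI", smb, 4)
    if command != SMB_COM_NEGOTIATE:
        return {"verdict": "error", "reason": "unexpected command 0x%02x" % command}
    word_count = smb[32]                       # first byte after the header
    dialect_index = struct.unpack_from("<H", smb, 33)[0] if word_count else None
    # DialectIndex 0xFFFF means the server accepted none of the offered dialects
    verdict = "smb1-no-dialect" if dialect_index in (None, 0xFFFF) else "smb1"
    return {"verdict": verdict, "status": status,
            "word_count": word_count, "dialect_index": dialect_index}


def probe(host, port=445, timeout=3.0):
    """Connect, send one negotiate, classify.  Hosts with SMBv1 disabled
    usually just drop the connection ('closed')."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate())
            data = s.recv(4096)
    except OSError as exc:                     # refused, filtered, timed out
        return {"host": host, "verdict": "unreachable", "reason": str(exc)}
    if not data:
        return {"host": host, "verdict": "closed", "reason": "no SMBv1 reply"}
    return dict(host=host, **parse_negotiate_response(data))


def sample_smb1_response(dialect_index=0):
    """Constructed SMBv1 negotiate reply (NOT a capture) for offline use:
    WordCount 17, the given DialectIndex, remaining words and bytes zeroed."""
    words = struct.pack("<H", dialect_index) + b"\x00" * 32
    smb = (_smb1_header(SMB_COM_NEGOTIATE, 0x98)
           + bytes([17]) + words + struct.pack("<H", 0))
    return struct.pack(">I", len(smb)) + smb


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:            # e.g. python smb1probe.py 10.0.0.5
            print(probe(target))
    else:                                      # offline demo on the constructed reply
        print(parse_negotiate_response(sample_smb1_response()))
```

Run it against hosts you own; a reply with DialectIndex 0 is the host accepting NT LM 0.12, which is exactly the surface the worm needs, and the remediation is still MS17-010 plus blocking 445 at the perimeter.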
5 min
Komand
Top Threat Actors and Their Tactics, Techniques, Tools, and Targets
With new threats emerging every day (over 230,000 new malware strains
are released into the wild daily), it's tough to stay on top of the latest
ones, including the actors responsible for them.
A threat actor is an individual or group that launches attacks against specific
targets. These actors usually have a particular style they prefer to focus on.
In this post, we will do a deep dive into so
3 min
Threat Intel
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence
Cyber Threat Intelligence is analyzed information about the opportunities,
capabilities, and intent of cyber adversaries. The goal of cyber threat
intelligence is to help people make decisions about how to prevent, detect,
and respond to
threats against their networks. This can take a number of forms, but the one
people almost always turn to is IOCs. IOCs, or indicators of compromise, are
tech
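What IOC-driven detection looks like once the indicators are in hand, as an added example that is not from the post: a constructed indicator set (a domain, an IP address, a SHA-256 hash) matched against constructed DNS, firewall and endpoint log lines. The indicator values, the log format and the field names are all assumptions. It goes one step beyond plain string matching: a DNS query for a subdomain of a listed domain also counts as a hit, which is usually what you want when the feed only lists the parent.

```python
"""Match a constructed IOC feed against constructed log lines.
Added illustration, not the post's code; indicator values, log format and
the 'subdomain of a listed domain counts' rule are assumptions."""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "line_no kind indicator line")

# Constructed indicators: reserved example/TEST-NET values and a made-up hash.
IOCS = {
    "domain": {"update-check.example.net"},
    "ip": {"198.51.100.23"},
    "sha256": {"a1b2c3d4" * 8},
}

# Constructed log lines from three sources: DNS resolver, firewall, endpoint agent.
SAMPLE_LOG = [
    "2017-05-13T09:12:44Z dns client=10.0.0.7 query=update-check.example.net type=A",
    "2017-05-13T09:12:45Z fw src=10.0.0.7 dst=198.51.100.23 dport=445 action=allow",
    "2017-05-13T09:13:02Z edr host=ws07 file=C:\\Users\\a\\Downloads\\inv.exe sha256="
    + "a1b2c3d4" * 8,
    "2017-05-13T09:15:00Z dns client=10.0.0.9 query=www.example.com type=A",
    "2017-05-13T09:16:30Z dns client=10.0.0.9 query=cdn.update-check.example.net type=A",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def domain_matches(name, ioc_domains):
    """Return the listed domain that `name` equals or is a subdomain of,
    ignoring case and a trailing dot; the bare TLD is never a candidate."""
    parts = name.lower().rstrip(".").split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def match_iocs(lines, iocs=IOCS):
    """Scan each line for IPv4s, SHA-256s and domains; return Hit tuples in
    line order, one per distinct (kind, indicator) per line."""
    ip_set = set(iocs.get("ip", ()))
    hash_set = {h.lower() for h in iocs.get("sha256", ())}
    dom_set = {d.lower() for d in iocs.get("domain", ())}
    hits = []
    for n, line in enumerate(lines, 1):
        found = [("ip", ip) for ip in IPV4_RE.findall(line) if ip in ip_set]
        found += [("sha256", h.lower()) for h in SHA256_RE.findall(line)
                  if h.lower() in hash_set]
        for d in DOMAIN_RE.findall(line):
            m = domain_matches(d, dom_set)
            if m:
                found.append(("domain", m))
        for kind, indicator in dict.fromkeys(found):   # dedupe, keep order
            hits.append(Hit(n, kind, indicator, line))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator}")
```

The hash and IP matches are exact; only domains get the suffix walk. Hash-only feeds miss repacked samples, which is why the same feed should carry the network indicators too.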
3 min
Metasploit
Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story
Integrating InsightVM or Nexpose (Rapid7's vulnerability management
solutions) with Metasploit (our penetration testing solution) is a
lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules
4 min
Ransomware
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017.
This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst —
literally — onto the scene with one of the initial targets being the British
National Health Service. According to
The Guardian: the “unprecedented attack… affected 12 countries and at least 16
NHS trusts in the UK, compromising IT systems that underpin patient safety.
Staff across the NHS were locked out of their computers and trusts had to divert
em
4 min
Public Policy
White House Cybersecurity Executive Order Summary
Yesterday President Trump issued an Executive Order on cybersecurity:
“Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure.”
The Executive Order (EO) appears broadly positive and well thought out, though
it is just the beginning of a long process and not a sea change in itself. The
EO directs agencies to come up with plans
1 min
Vulnerability Disclosure
On the lookout for Intel AMT CVE-2017-5689
We've had some inquiries about checks for CVE-2017-5689, a vulnerability
affecting Intel AMT devices. On May 5th, 2017, we released a potential
vulnerability check that can help identify assets that may be vulnerable. We
initially ran into issues with trying to determine the exact version of the
firmware remotely, and so a potential check was released so that you would still
be able to identify devices that may be impacted by this.
We didn't stop there though. As part of yesterday's Nexpose rel
4 min
InsightVM
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone
control. It can be difficult to know how to make meaningful progress in your
vulnerability management program
when simply
maintaining visibility can be a struggle. One way to get some leverage is to
make wise use of asset discovery. If you are
able to tap into repositories or sources of assets, you
3 min
Simplifying Account Takeover Protection
Account takeover (ATO) is difficult to prevent because it can go unnoticed for
years
until a customer notices something is amiss. It’s tedious and requires detailed
logging as well as flexible query ability to survey for it ‘by hand’.
Many consumer-facing companies try to create in-house solutions, but it can take
years to develop the tools to even do ‘machine assisted’ ATO detection. Even
the
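What a "by hand" survey of login records looks like once the logging is there, as an added example that is not the post's own logic: two simple heuristics run over a constructed authentication log. The log format, the field names, the thresholds and the users and addresses (TEST-NET ranges) are all assumptions.

```python
"""Two 'by hand' account-takeover heuristics over constructed login records.
Added illustration; log format, thresholds and sample data are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not real data); TEST-NET addresses only.
AUTH_LOG = [
    "2017-05-10T08:01:10Z user=alice ip=203.0.113.5 result=success",
    "2017-05-11T09:00:00Z user=alice ip=198.51.100.77 result=fail",
    "2017-05-11T09:01:00Z user=alice ip=198.51.100.77 result=fail",
    "2017-05-11T09:02:00Z user=alice ip=198.51.100.77 result=fail",
    "2017-05-11T09:03:00Z user=alice ip=198.51.100.77 result=success",
    "2017-05-11T10:00:00Z user=bob ip=192.0.2.10 result=success",
    "2017-05-11T10:03:00Z user=bob ip=198.51.100.20 result=success",
    "2017-05-11T10:06:00Z user=bob ip=203.0.113.9 result=success",
    "2017-05-11T11:00:00Z user=carol ip=203.0.113.30 result=fail",
    "2017-05-11T11:01:00Z user=carol ip=203.0.113.30 result=success",
]


def parse_event(line):
    """'<ISO-8601 Z> key=value ...' -> (timestamp, user, ip, result)."""
    ts, rest = line.split(" ", 1)
    f = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), f["user"], f["ip"], f["result"]


def detect_ato(lines, fail_threshold=3, fail_window=timedelta(minutes=15),
               ip_threshold=3, ip_window=timedelta(minutes=10)):
    """Return (user, rule, timestamp, ip) tuples in time order.
    Rule 1: a success from an IP the user never logged in from before,
            preceded by >= fail_threshold failures inside fail_window.
    Rule 2: successes from >= ip_threshold distinct IPs inside ip_window."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e[0])
    known_ips = defaultdict(set)     # user -> IPs with an earlier success
    fails = defaultdict(list)        # user -> timestamps of failures
    successes = defaultdict(list)    # user -> (ts, ip) of recent successes
    alerts = []
    for ts, user, ip, result in events:
        if result != "success":
            fails[user].append(ts)
            continue
        recent_fails = [t for t in fails[user] if ts - t <= fail_window]
        if ip not in known_ips[user] and len(recent_fails) >= fail_threshold:
            alerts.append((user, "failures-then-success-from-new-ip", ts.isoformat(), ip))
        fails[user] = []             # a success closes the failure run
        successes[user] = [(t, i) for t, i in successes[user]
                           if ts - t <= ip_window] + [(ts, ip)]
        if len({i for _, i in successes[user]}) >= ip_threshold:
            alerts.append((user, "logins-from-many-ips", ts.isoformat(), ip))
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect_ato(AUTH_LOG):
        print(alert)
```

Carol's single failure before a success from her usual address produces nothing, which is the point: the thresholds and the "new IP for this user" condition are what keep a by-hand query from drowning in ordinary typos.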
4 min
Komand
The Real Cost of Manual Security Operations
More tools, processes, or people don't always equal better security. In fact,
the more you have to manage, the costlier it can get. But as threats evolve,
technologies and processes change, and so too must security operations.
If your security operations are highly manual today, this post will help you
visualize what that is costing your organization, not just from a monetary
standpoint, but from an efficiency and speed perspective, too. We’ll start by
looking at the three major areas of secu
4 min
Penetration Testing
IoT Security Testing Methodology
By
Deral Heiland - IoT Research Lead, Rapid7
Nathan Sevier - Senior Consultant, Rapid7
Chris Littlebury - Threat Assessment Manager, Rapid7
End-to-end ecosystem methodology
When examining IoT technology, the actionable testing focus and methodology is
often applied solely to the embedded device. This is short sighted and
incomplete. An effective assessment methodology should consider the entire IoT
solution or as we refer to it, the IoT Product Ecosystem. Every interactive
component that makes
2 min
Microsoft
Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft
issuing fixes for a total of seven vulnerabilities as part of their standard
update program. However, an eighth, highly critical vulnerability
(CVE-2017-0290) that had some of the security community buzzing over the
weekend was also addressed late Monday evening. A flaw in the
4 min
Automation and Orchestration
ChatOps for Security Operations
Synopsis
Bots are small helpers that can be built into any application and are well
suited to large-scale, repetitive, real-time tasks. They let highly qualified
security teams focus on more productive work such as building, architecting
and deploying rather than being occupied with menial tasks. Additionally, they
act as sharing and learning tools for everyone in the organization and provide
context for all conversations and collaborations.
Benefits of ChatOps for Security
ChatOps