All Posts

R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.

An update on trade

In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.

8 min InsightIDR

How to Analyze Your Log Data Using the Log Search API in InsightIDR

In this blog, we discuss how to analyze your log data using InsightIDR's Log Search API.

3 min Metasploit

Metasploit Wrap-up: 1/24/20

Transgressive Traversal Contributor Dhiraj Mishra authored a neat Directory Traversal module targeted at NVMS-1000 Network Surveillance Management Software developed by TVT Digital Technology. Permitting the arbitrary downloading of files stored on a machine running compromised software , this module becomes all the more attractive when you consider it's providing

3 min Cloud Security

Seven Tips for Better Cloud Security in 2020

In this blog post, we will highlight seven tips for shoring up your cloud security in the new year.

2 min InsightConnect

Discover the New BMC Remedy ITSM Plugin for InsightConnect

The BMC plugin focuses on the automation of incidents in BMC, with the goal of freeing up analysts’ time so they can focus on resolving issues.

3 min Vulnerability Management

Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model

In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.

4 min InsightVM

Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams

If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.

4 min Research

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.

2 min Metasploit

Metasploit Wrap-Up: 1/17/20

Silly admin, Citrix is for script kiddies A hot, new module has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within the URL structure of one of the API endpoints to access specified directories. Conveniently there is a directory available that house

10 min Vulnerability Management

How to Get Started with the InsightVM Integration for ServiceNow CMDB

Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.

2 min Vulnerability Management

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know

In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.

3 min PCI

How PCI Compliance Helps Keep Your App’s Credit Card Data Safe

In this blog, we break-down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).

5 min Metasploit

Announcing the 2020 Metasploit Community CTF

Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.