3 min
Vulnerability Management
How to Measure the ROI of Your Vulnerability Risk Management Solution
In this blog, we discuss the seven key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.
2 min
Vulnerability Disclosure
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.
4 min
Government
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.
8 min
InsightIDR
How to Analyze Your Log Data Using the Log Search API in InsightIDR
In this blog, we discuss how to analyze your log data using InsightIDR's Log Search API.
3 min
Metasploit
Metasploit Wrap-up: 1/24/20
Transgressive Traversal
Contributor Dhiraj Mishra authored a neat Directory Traversal module targeted at NVMS-1000 Network Surveillance Management Software developed by TVT Digital Technology. Permitting the arbitrary downloading of files stored on a machine running compromised software, this module becomes all the more attractive when you consider it's providing
3 min
Cloud Security
Seven Tips for Better Cloud Security in 2020
In this blog post, we will highlight seven tips for shoring up your cloud security in the new year.
2 min
InsightConnect
Discover the New BMC Remedy ITSM Plugin for InsightConnect
The BMC plugin focuses on the automation of incidents in BMC, with the goal of freeing up analysts’ time so they can focus on resolving issues.
3 min
Vulnerability Management
Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model
In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.
4 min
InsightVM
Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams
If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.
4 min
Research
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.
2 min
Metasploit
Metasploit Wrap-Up: 1/17/20
Silly admin, Citrix is for script kiddies
A hot, new module has landed in Metasploit Framework this week. It takes advantage of CVE-2019-19781 which is a directory traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This exploit takes advantage of unsanitized input within the URL structure of one of the API endpoints to access specified directories. Conveniently there is a directory available that house
10 min
Vulnerability Management
How to Get Started with the InsightVM Integration for ServiceNow CMDB
Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.
2 min
Vulnerability Management
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.
3 min
PCI
How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
In this blog, we break down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).
5 min
Metasploit
Announcing the 2020 Metasploit Community CTF
Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.