1 min
Vulnerability Management
CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability
I have Oracle Identity Manager running in my environment. What's going on? Am I
vulnerable?
Recently, we’ve been getting more than a few questions about the Oracle Identity
Manager vulnerability (CVE-2017-10151)
[https://www.rapid7.com/db/vulnerabilities/oracle-oim-cve-2017-10151], which was
rated by Oracle with the most critical CVSS score of 10
[https://nvd.nist.gov/vuln/detail/CVE-2017-10151]. This is the highest possible
CVSS score, which represents a vulnerability with a low complexity for
3 min
InsightVM
InsightVM in the Azure Marketplace
Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.
3 min
Nexpose
AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan
AWS instances present many challenges to security practitioners, who must manage
the spikes and dips of resources in infrastructures that deal in very
short-lived assets. Better and more accurate syncing of when instances are spun
up or down, altered, or terminated directly impacts the quality of security
data.
A New Discovery Connection
Today we’re excited to announce better integration between the Security Console
and Amazon Web Services with the new Amazon Web Services Asset Sync discovery
c
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
[https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/]
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
[https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
2 min
InsightVM
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry
[https://www.rapid7.com/security-response/wanna-decryptor/] vulns all in one
dashboard in Splunk? We've got you covered.
Before you start, make sure you have these two apps installed in your Splunk
App:
* Rapid7 Nexpose Technology Add-On for Splunk
[https://splunkbase.splunk.com/app/3457/]
* Rapid7 Nexpose for Splunk [https://splunkbase.splunk.com/app/3492/]
Steps
1. Follow the directions in this blog post
[https://www.rapid7.com/blog/post/2017/05/17/sc
3 min
Nexpose
InsightVM/Nexpose Patch Tuesday Reporting
Many of our customers wish to report specifically on Microsoft patch-related
vulnerabilities
[https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]. This
often includes specific vulnerabilities that are patched in Patch Tuesday
updates. This post will show you the various ways that you can create reports
for each of these.
Remediation Projects
Remediation Projects are a feature included in InsightVM
[https://www.rapid7.com/products/insightvm/] that allow you to get a live view
2 min
Nexpose
Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose
Just when you'd finished wiping away your WannaCry
[/2017/05/12/wanna-decryptor-wncry-ransomware-explained] tears, the interwebs
dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494
[https://www.rapid7.com/db/vulnerabilities/samba-cve-2017-7494] (no snazzy name
as of the publishing of this blog, but hopefully something with a Lion King
reference will be created soon).
As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's
overview of the Samba vulnerabil
4 min
Container Security
Modern Network Coverage and Container Security in InsightVM
For a long time, the concept of “infrastructure” remained relatively unchanged:
Firewalls, routers, servers, desktops, and so on make up the majority of your
network. Yet over the last few years, the tides have begun to shift.
Virtualization is now ubiquitous, giving employees tremendous leeway in their
ability to spin up and take down new machines at will. Large chunks of critical
processes and applications run in cloud services like Amazon Web Services (AWS)
and Microsoft Azure. Containers hav
4 min
InsightVM
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone
control. It can be difficult to know how to make meaningful progress in your
vulnerability management program
[https://www.rapid7.com/solutions/vulnerability-management/] when simply
maintaining visibility can be a struggle. One way to get some leverage is to
make wise use of asset discovery
[https://www.rapid7.com/fundamentals/what-is-it-asset-discovery/]. If you are
able to tap into repositories or sources of assets, you
5 min
Microsoft
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are
increasingly asked to do more with less. They simply cannot remediate
everything; it has never been more important to prioritize and drive
remediations from start to finish.
The Remediation Workflow capability in InsightVM
[https://www.rapid7.com/products/insightvm/] was designed to drive more
effective remediation efforts by allowing users to project-manage efforts both
large and small. Remediation Workflow is designed
3 min
InsightVM
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity
inherent in security analytics. This reality was introduced first to our
InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the
capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user
behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/]
and endpoint detection
[https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we
started