5 min
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Broker exploit and tool release
[https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/]
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
3 min
InsightVM
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity
inherent in security analytics. This reality was introduced first to our
InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the
capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user
behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/]
and endpoint detection
[https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we
started
1 min
Application Security
Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose
On March 9th, 2017 we highlighted the availability of a vulnerability check in
Nexpose for CVE-2017-5638
[https://rapid7.com/db/modules/exploit/multi/http/struts2_content_type_ognl] –
see the full blog post describing the Apache Struts vulnerability here
[/2017/03/09/apache-jakarta-vulnerability-attacks-in-the-wild]. This check would
be performed against the root URI of any HTTP/S endpoints discovered during a
scan.
On March 10th, 2017 we added an additional check that would work in conjunctio
1 min
Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
An initial fix was pushed out by Cisco that warned a user if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn; however, the
fix was questioned by April King from Mozilla
[https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c
2 min
Nexpose
Scan Configuration Improvements in Nexpose
A common request we hear from customers is for the ability to schedule scans on
individual assets, or on subsets of assets.
Currently, you can start a manual scan and choose specific IPs, engine and
template, but you need to have permissions to create sites in order to schedule
such a scan.
Good news!
In version 6.4.18 of Nexpose, released Jan 25th 2017, we've addressed
this! Now individual site owners can create schedules and choose specific IPs,
ranges or asset groups to kick off a
2 min
Nexpose
Maximizing PCI Compliance with Nexpose and Coalfire
In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build
their PCI Approved Scan Vendor offering. PCI was just a few years old and
merchants were struggling to achieve and document full compliance with the
highly prescriptive Data Security Standard. Our goal was to find that classic
sports car blend of style and power: a vulnerability assessment solution that
was as streamlined and easy to use as possible, but robust enough to
significantly improve the customer's security.
3 min
Nexpose
macOS Agent in Nexpose Now
As we look back on a super 2016, it would be easy to rest on one's laurels and
wax poetic on the halcyon days of the past year. But at Rapid7 the winter
holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now
available within Nexpose Now.
Live Monitoring for macOS
Earlier this year, we introduced Live Monitoring for Endpoints with the release
of a Windows agent for use with Nexpose Now. The feedback from the Community has
been great (and lively!) and now we're back with a
3 min
Nexpose
"Informational" Vulnerabilities vs. True Vulnerabilities
A question that often comes up when looking at vulnerability management
[https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/]
tools is, “how many vulnerability checks do you have?” It makes sense on the
surface; after all, fewer vulnerability checks = less coverage = missed
vulnerabilities during a scan, right?
As vulnerability researchers would tell you, it's not that simple: Just as not
all vulnerabilities are created equal, neither are vulnerability checks.
How “True”
3 min
Nexpose
Nexpose Dimensional Data Warehouse and Reporting Data Model: What's the Difference?
The Data Warehouse Export recently
[/2016/11/24/dimensional-data-warehouse-export-part-of-nexpose-646] added
support for a Dimensional Model for its export schema. This provides a much more
comprehensive, accessible, and scalable model of data than the previous (now
referred to as "Legacy") model. The foundation for this dimensional model is the
same as the Reporting Data Model, which backs the built-in reporting for SQL
Query Export. So what exactly is the difference between the Reporting Data
4 min
Nexpose
Nexpose: Live Assessment and the Passive Scanning Trap
With the launch of Nexpose Now in June, we've talked a lot about the “passive
scanning trap” and “live assessment” in comparison. You may be thinking: what
does that actually mean? Good question.
There has been confusion between continuous monitoring and continuous
vulnerability assessment – and I'd like to propose that a new term “continuous
risk monitoring” be used instead, which is where Adaptive Security and Nexpose
Now fit. The goal of a vulnerability management program
[https://www.rapid
3 min
Nexpose
Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job
Nexpose supports a variety of complementary reporting solutions that allow you
to access, aggregate, and take action upon your scan data. However, knowing
which solution is best for the circumstance can sometimes be confusing, so let's
review what's available to help you pick the right tool for the job.
I want to pull a vulnerability assessment report out of Nexpose. What are my
options?
Web Interface
The Nexpose web interface provides a quick and easy way to navigate through your
data. You ca
3 min
Nexpose
Dimensional Data Warehouse Export, Part of Nexpose 6.4.6
Can You Be Trusted with the Sword of a Thousand Truths?
Does the vision of what you want to accomplish appear to you so clearly that it
seems real? After all, you already have the custom integrations, tools, and
workflows set that make the most sense in your world. They are tailored to your
organization's unique needs. They are tuned and ready to go – or at least they
would be if only you could just get your data. You know that with this, you'd be
unstoppable.
You want the Sword of a Thousand
3 min
Nexpose
Patch Tuesday, November 2016
November [https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx]
continues a long-running trend with Microsoft's products where the majority of
bulletins (7) address remote code execution (RCE), closely followed by elevation
of privilege (6) and security feature bypass (1). All of this month's critical
bulletins are remote code execution vulnerabilities, affecting a variety of
products and platforms including Edge, Internet Explorer, Exchange, Microsoft
Office, Office Services and
3 min
Nexpose
Nexpose and DXL Integration: Now We're Talking
Staying Ahead of New Vulnerabilities
The security threat landscape is constantly shifting and there are a multitude
of solutions for managing threats. An unfortunate effect of having a large
toolbox is that the more tools and vendors you have in your toolbox, the more
complex your management task becomes. When one facet of your security
infrastructure becomes aware of risks, how can you most effectively utilize your
full security ecosystem to combat them? With Nexpose's Adaptive Security,
integratio
3 min
Nexpose
Publishing Nexpose Asset Risk Scores to ePO
Security professionals today face great challenges protecting their assets from
breaches by hackers and malware. A good vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/] could help mitigate
these challenges, but vulnerability management solutions often produce huge
volumes of data from scanning and require lots of time spent in differentiating
between information and noise.
Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/] helps professionals