7 min
Vulnerability Management
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 (2021-Jan
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan]) with 83
vulnerabilities across our standard spread of products. Windows Operating
System vulnerabilities dominated this month's advisories, followed by Microsoft
Office (which includes the SharePoint family of products), and lastly some from
less frequent products such as Microsoft System Center and Microsoft SQL Server.
Vulnerability Breakdown by Software Family
FamilyVulnera
3 min
InsightVM
Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution
Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals.
3 min
InsightVM
How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM
In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process.
4 min
Vulnerability Management
The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices
Based on the assessment of 24 service protocols, Rapid7’s NICER revealed key insights about the current state of the internet.
7 min
Vulnerability Management
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.
2 min
InsightVM
New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility
When speaking with customers, we continue to hear that they are looking for more visibility into their vulnerability risk management activities.
5 min
Under the Hoodie
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.
6 min
InsightVM
How to Create an OS-Based Policy Scanning Workflow in InsightVM
In this blog, we provide a step-by-step walkthrough of how to create an OS-based policy scanning workflow in InsightVM.
3 min
Vulnerability Management
Threat and Vulnerability Management Best Practices
In this blog post, we provide a high-level overview of vulnerability management and why it’s critical for modern businesses.
3 min
Vulnerability Management
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management
programs
[https://www.rapid7.com/fundamentals/vulnerability-management-program-framework/]
focused solely on servers, running quarterly scans that targeted only critical
systems.
But that was then, and you can’t afford such a limited view in the now. Truth
is, vulnerability exploitation now happens indiscriminately across the modern
attack surface—from local and remote endpoints to on-prem and cloud
infrastructure to we
3 min
Vulnerability Management
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved,
Microsoft covers 112 CVEs this November affecting products ranging from our
standard Windows Operating Systems and Microsoft Office products to some new
entries such as Azure Sphere.
Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege
Vulnerability
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087]
Coming as no surprise to anyone, the previously disclosed CVE-2020-17087
zero-day
2 min
News
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.
3 min
Vulnerability Management
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.
2 min
InsightVM
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.
14 min
InsightVM
Scan Template Best Practices in InsightVM
This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.