2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
and nothing that could allow worms to proliferate. And nothing from Adobe
[https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's
nothing to do: Microsoft still published 59 CVE
5 min
Project Sonar
Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice
On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.
5 min
Vulnerability Management
How DHS and MITRE Collaborate to Validate Vulns
In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.
3 min
InsightVM
Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR
In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.
4 min
Vulnerability Management
CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know
On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.
5 min
Cloud Infrastructure
How to Set Up InsightVM in Your Google Cloud Environment
In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.
8 min
AWS
Automating the Cloud: AWS Security Done Efficiently
Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.
2 min
Patch Tuesday
Patch Tuesday - August 2019
First off, the big news for today's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
reminiscent of the BlueKeep
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
vulnerability (CVE-2019-0708
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
) that was patched last May. CVE-2019-11
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.
3 min
Vulnerability Management
BlueKeep Exploits May Be Coming: Our Observations and Recommendations
Rapid7 Labs has observed a significant uptick in malicious RDP activity since the release of CVE-2019-0708 (aka “BlueKeep”).
2 min
InsightVM
Ensuring Timely Remediation of Security Risks with Service-Level Agreements (SLAs) in InsightVM
Rapid7 makes it easy for you to set up and track service-level agreements (SLAs) in InsightVM.
9 min
Vulnerability Management
So, You Think You Can Query?
In this blog, we are going to explore the basics of how to make queries in our cloud-based vulnerability management solution, InsightVM.
2 min
InsightVM
How Rapid7’s AWS Security Hub Integrations Increase Cloud Visibility and Automate Security Operations
As part of our ongoing commitment to support customers using Amazon Web Services (AWS), Rapid7 announces integrations with the AWS Security Hub for vulnerability management and SOAR solutions.
3 min
InsightVM
Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM
Rapid7 is pleased to announce that we have released new Cloud Configuration Assessment capabilities in our InsightVM vulnerability management solution.
3 min
InsightVM
Blocking User Access to Vulnerable Assets with CyberArk and InsightVM
With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.