7 min
Vulnerability Management
Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup
In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.
7 min
Vulnerability Management
Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline
When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.
1 min
Research
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.
1 min
InsightVM
Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d]
that resolve over 60 different vulnerabilities. As usual, Windows, web browsers,
and SharePoint Server are all affected. Office gets off relatively lightly with
only a single vulnerability fixed (CVE-2019-0748
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748]
, a remote code execution (RCE) vulnerability in the Acces
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.
2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.
3 min
Vulnerability Management
Why Most Vulnerability Management Programs Fail and What You Can Do About It
In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.
4 min
Vulnerability Management
Checkmate! How to Win at Vulnerability Management Using the Game of Chess
Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.
3 min
Vulnerability Management
Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know
On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively
light months, with over 70 separate CVEs
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573]
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
8 min
Vulnerability Management
Understanding Ubiquiti Discovery Service Exposures
On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.
4 min
InsightVM
Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure
Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.
3 min
Research
Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know
Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.