Posts tagged Vulnerability Management

5 min Vulnerability Management

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook [/author/brent-cook/], William Vu [/author/william-vu/] and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability: The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory was released with a patch and CVE (CVE-2018-7600) [https://www.rapid7.com/

2 min InsightVM

Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine

SC Media has announced the 2018 SC Awards and (drumroll, please…) InsightVM [https://www.rapid7.com/products/insightvm/] is proud to take top honors as Best Vulnerability Management Solution in the Trust Awards category. Our team works tirelessly day in and day out to bring SecOps best practices [https://www.rapid7.com/solutions/secops/] to our customers, help our customers secure their modern networks, and work across teams to solve their trickiest problems. It means the world to us when th

5 min Vulnerability Management

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and you find out that not everything was fixed and issues have progressed. For companies with distributed offices, it can be tricky to communicate issues to teammates you have limited facetime with, get things done quickly w

3 min Patch Tuesday

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d], including 6 in Adobe Flash [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] (APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once ag

3 min Vulnerability Management

Cisco Smart Install (SMI) Remote Code Execution

What You Need To Know: Researchers from Embedi discovered [https://web.archive.org/web/20180828224625/https://embedi.com/blog/cisco-smart-install-remote-code-execution/] (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication. Cisco Smart Install (SMI) is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment

3 min Vulnerability Management

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM [https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of years of hard work from our product team, but also because we believe that it represents the thousands of days and nights spent working with customers to understand the challen

2 min Patch Tuesday

Patch Tuesday - March 2018

There are a lot of fixes this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d]: Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities [https://helpx.adobe.com/security/products/flash-player/apsb18-05.html]. In fact, all of this month's critical vulnerabilities are browser-related. This is not surprising considering web brows

4 min CIS Controls

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Controls blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. If you’ve ever driven on a major metropolitan highway system, you’ve seen it: The flow of traffic is completely engineered. Routes are optimized to allow travelers to reach their destinations as quickly as possible. Traffic laws speci

2 min Patch Tuesday

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed [https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could lead to remote code execution (RCE). The most concerning non-browser issue is CVE-2018-0825 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825], an RCE i

2 min InsightVM

Vulnerability Management Year in Review, Part 3: Remediate

The wide impact [https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/] of the Petya-like ransomware [https://www.rapid7.com/blog/post/2017/06/27/petya-ransomware-explained/] in 2017, mere weeks after WannaCry [https://www.rapid7.com/blog/post/2017/05/12/wanna-decryptor-wncry-ransomware-explained/] exploited many of the same vulnerabilities, illustrated the challenge that enterprises have with remediating even major headline-grabbing vulnerabilities, let alone the many vulnerabil

4 min InsightVM

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and, thanks to genre-bending vulnerabilities like Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/], the future would seem a bit blurry. Louis Pasteur [https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information security as we know it today by a century, but as an individu

3 min InsightAppSec

3 Questions to Ask When Prioritizing Web Application Vulnerabilities

Dynamic application security testing (DAST) often results in a constantly evolving list of security vulnerabilities. When scanning a web application [https://www.rapid7.com/fundamentals/web-application-security/] in production or in an active testing environment, issues can crop up as quickly as changes happen within the app. And when exposed to the internet itself, there are many more ways in which security vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]

3 min Patch Tuesday

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat [https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated disclosure of the Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

6 min Haxmas

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12 months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only eleven months this year, thanks to Microsoft canceling [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] most of February’s planned fixes. This coincided with when they’d planned to [https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/] roll out their