4 min
GDPR
Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM
The General Data Protection Regulation’s (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/] deadline in 2018 is rapidly
approaching, and as companies prepare for GDPR compliance
[/2017/02/23/preparing-for-gdpr/], they’re facing a struggle that’s plagued
every security program for years: how to quantify that nebulous, scary thing
called “risk.” GDPR compliance [https://www.rapid7.com/fundamentals/gdpr/]
specifically talks about “risk” several times in its guidelines, particularly in
Arti
2 min
Patch Tuesday
Patch Tuesday - December 2017
No big surprises from Microsoft this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6]
, with 70% of the 34 vulnerabilities addressed being web browser defects. Most
of these are Critical Remote Code Execution (RCE) vulnerabilities, so
administrators should prioritize patching client workstations. It doesn't take
sophisticated social engineering tactics to convince most users to visit a
malicious web page, or a legitimate but
1 min
Vulnerability Management
CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability
I have Oracle Identity Manager running in my environment. What's going on? Am I
vulnerable?
Recently, we’ve been getting more than a few questions about the Oracle
Identity
Manager vulnerability (CVE-2017-10151)
[https://www.rapid7.com/db/vulnerabilities/oracle-oim-cve-2017-10151], which was
rated by Oracle with the most critical CVSS score of 10
[https://nvd.nist.gov/vuln/detail/CVE-2017-10151]. This is the highest possible
CVSS score, which represents a vulnerability with a low complexity for
5 min
Vulnerability Management
INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
INTEL-SA-00086 vulnerabilities? What’s Up?
(Full update log at the end of the post as we make changes.)
Intel decided to talk turkey
[https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr]
this week about a cornucopia of vulnerabilities that external (i.e. non-Intel)
researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies
Research — discovered in their chips. Yes: chips. Intel conducted a
comprehensive review of their Intel® Management Engine
4 min
Vulnerability Management
The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know
JoltandBleed vulnerabilities? What’s Up?
Oracle recently issued emergency patches for five vulnerabilities:
* CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation
gives an attacker a chance to remotely read the memory of the server.
* CVE-2017-10267 is a vulnerability of stack overflows.
* CVE-2017-10278 is a vulnerability of heap overflows.
* CVE-2017-10266 is a vulnerability that makes it possible for a malicious
actor to bruteforce passwords of DomainPWD which i
1 min
Patch Tuesday
Patch Tuesday - November 2017
Web browser issues account for two thirds of this month's patched
vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99]
, with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these
are classified as Critical (allowing code execution without user interaction).
This is no surprise, as browser bugs are typically well represented on Patch
Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie
6 min
Metasploit
Testing SMB Security with Metasploit Pro Task Chains: Part 2
This is part two of our blog series on testing SMB security with Metasploit Pro.
In the previous post, we explained how to use Metasploit Pro’s Task Chains
feature to audit SMB passwords automatically. Read it here
[/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/]
if you haven’t already.
In today’s blog post, we will talk about how to use a custom resource script in
a Task Chain to automatically find some publicly-known high-profile
vulnerabilities in SMB. Publi
3 min
IoT
ROCA: Vulnerable RSA Key Generation
In the KRACK-related and BadRabbit-related chaos of the past week and a half,
some people missed a less flashy vulnerability that nevertheless dug up key
long-term questions on IoT supply chains and embedded technology. The
Czech-based Center for Research on Cryptography and Security published research
last weekon a vulnerability (CVE-2017-15361) in the RSA key generation process
in a widely-used cryptographic software library found in Infineon secure chips.
Specifically:
“The algorithmic vulne
6 min
Vulnerability Management
The Wi-Fi KRACK Vulnerability: What You Need to Know
Everything you need to know about the recently disclosed KRACK vulnerability affecting Wi-Fi security protocols (WPA1 and WPA2).
3 min
InsightVM
InsightVM in the Azure Marketplace
Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.
2 min
Patch Tuesday
Patch Tuesday - October 2017
Patch Tuesday round-up for October 2017
8 min
Vulnerability Management
No-Priority, Post-Auth Vulnerabilities
In the course of collecting and disclosing vulnerabilities, I occasionally come
across an issue that walks like a vuln, quacks like a vuln, but… it’s not
exactly a vuln. As per our usual vulnerability disclosure process
[https://www.rapid7.com/security/disclosure/], we still report these issues to
vendors. The behavior observed is nearly always a bug of some sort, but it’s not
immediately exploitable, or the “exploit” is merely exercising the expected
level of privilege, but in an unexpected con
1 min
Patch Tuesday
Patch Tuesday - September 2017
It's a big month, with Microsoft patching
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99]
85 separate vulnerabilities including the two Adobe Flash Player Remote Code
Execution
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013]
(RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing
recent trends, the bulk of Critical RCE vulnerabilities are client-side,
primarily in Edge, IE,
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
[https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/]
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
[https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
3 min
Vulnerability Management
Live Threat-Driven Vulnerability Prioritization
We often hear that security teams are overwhelmed by the number of
vulnerabilities
[https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/] in their
environments: every day they are finding more than they can fix. It doesn't help
when rating schemes used for prioritization, like the Common Vulnerability
Scoring System (CVSS), don't really work at scale or take the threat landscape
into account. How do you know where to focus if your vulnerability management
solution [https://www.