2 min
InsightConnect
Discover the New BMC Remedy ITSM Plugin for InsightConnect
The BMC plugin focuses on the automation of incidents in BMC, with the goal of freeing up analysts’ time so they can focus on resolving issues.
3 min
Vulnerability Management
Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model
In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.
4 min
InsightVM
Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams
If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.
4 min
Research
Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.
2 min
Metasploit
Metasploit Wrap-Up: 1/17/20
Silly admin, Citrix is for script kiddies
A hot, new module
has landed in Metasploit Framework this week. It takes advantage of
CVE-2019-19781 which is a directory traversal vulnerability in Citrix
Application Delivery Controller (ADC) and Gateway. This exploit takes advantage
of unsanitized input within the URL structure of one of the API endpoints to
access specified directories. Conveniently there is a directory available that
house
10 min
Vulnerability Management
How to Get Started with the InsightVM Integration for ServiceNow CMDB
Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.
2 min
Vulnerability Management
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.
3 min
PCI
How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
In this blog, we break-down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).
5 min
Metasploit
Announcing the 2020 Metasploit Community CTF
Metasploit's community CTF is back! Starting January 30, players will have four days to find flags and win points and glory. Teams welcome.
3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
Microsoft by the NSA: CVE-2020-0601
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
4 min
InsightVM
How to Define and Communicate Vulnerability Risk Across Your Company
In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.
4 min
InsightVM
Simplify Your Data Search with Query Builder in InsightVM
Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.
5 min
Risk Management
Challenges and Best Practices with Vulnerability Risk Management Collaboration
We sat down with VRM professionals to discuss best practices, challenges, and personal approaches to make vulnerability risk management a priority.
4 min
InsightAppSec
Automating Application Security Processes with the InsightAppSec API
In this blog, we discuss how task automation can free up extra time for development and security teams in the web application life cycle.
3 min
Detection and Response
InsightIDR: 2019 Year in Review
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on some of our most exciting updates from InsightIDR.