2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/31/19
Unauthenticated scanner for BlueKeep, community hackathon in Austin, and the usual long list of fixes and enhancements.
7 min
Application Security
Hidden Helpers: Security-Focused HTTP Headers
This blog includes real-world scenarios in which attackers can manipulate unsecured HTTP headers and how to prevent your organization from falling victim.
3 min
Vulnerability Management
Why Patch Management Is Crucial for Securing Your Organization
With the deluge of assets flooding corporate networks, organizations need to have a solid patch management strategy in place.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/24/19
BSD love
Outside of macOS, not many people run (or run into) a BSD-flavored system very
often. Even still, bcoles and space-r7
teamed up for a pair of BSD enhancements. The
first, a privilege escalation, affects FreeBSD's runtime linker dealing with
LD_PRELOAD in FreeBSD 7.1, 7.2, and 8.0. The next enhancement adds BSD targets
to our known-credential ssh executor which now allows BSD-specific payloads. Not
wanting macOS to be left out ti
3 min
InsightCloudSec
What Is Cloud Security Posture Management (CSPM)?
As the cloud grows, so too does the playing field of participants. Between infrastructure management (IaaS, PaaS, fPaaS, SaaS, Raas) security, CI/CD, and trying to navigate all of the nuances in between, it’s difficult to keep track of what each category of tooling includes.
2 min
SIEM
SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?
Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 17, 2019
Take a moment from this week's barrage of vulnerabilities in seemingly everything to see the cool stuff happening with the Metasploit team of contributors: a video interview between two greats, a new exploit module in GetSimple CMS, and a whole host of improvements.
4 min
Rapid7 Culture
The Last Chip
You can learn a lot about an organization—and its leadership team—by eating chips at the airport waiting for a delayed flight.
2 min
Vulnerability Management
How SOAR Is Disrupting Traditional Vulnerability Management
In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.
5 min
Ransomware
WannaCry, Two Years On: Current Threat Landscape
In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.
9 min
Vulnerability Management
Medical Device Security, Part 3: Putting Safe Scanning into Practice
In this blog post, we put the theory we've built out in our medical device scanning series into practice.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 5/10/19
A new Chrome browser exploit, some WebLogic RCE, and an exploit for PostgreSQL. Also announcing the return of our annual Open-Source Security Meetup in Vegas!
4 min
Research
Extracting Firmware from Microcontrollers’
Onboard Flash Memory, Part 4
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.
7 min
Vulnerability Management
Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup
In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.