2 min
Patch Tuesday
Patch Tuesday - February 2018
It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual
CVEs have been fixed by Microsoft,
most of which (34) are rated "Important". As usual, most of the 14 considered
"Critical" are web browser vulnerabilities that could lead to remote code
execution (RCE). The most concerning non-browser issue is CVE-2018-0825, an RCE i
4 min
Coinhive: Making Other People’s Web Browsers Mine Cryptocurrency
Over the weekend, we had a discussion at tCell about cryptocurrency, because
there was a rash of stories about
cryptocurrency mining being done through malicious JavaScript. (Scott Helme of
securityheaders.io noted that the Information
Commissioner’s Office, the UK’s data privacy regulator, was among the many web
sites affected.)
According
4 min
Endpoint Security
Why Managed Detection and Response Zeroes In On the Endpoint
This post was co-written with Wade Woolwine, Rapid7 Director of Managed
Services.
What three categories do attackers exploit to get on your corporate network?
Vulnerabilities, misconfigurations, and credentials. Whether the attack starts
by stealing cloud service credentials, or exploiting a vulnerability on a
misconfigured, internet-facing asset, compromising an internal asset is a great
milestone for an intruder.
Once an endpoint is comprom
3 min
Compliance
HIPAA Security Compliance Fallacies (And How To Avoid Them)
Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t
been what I thought it was going to be. When I first started out as an
independent security consultant, I was giddy over the business opportunities
that I just knew HIPAA compliance was going to bring. Around that time, I
learned something from sales expert, Jeffrey Gitomer, that has had a profound
impact on my career. He said that if you work for yourself and are in sales,
which I am, that you must write and speak if
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 2/9/18
Teenage ROBOT Returns
Imagine the joy robot parents must feel when their infant leaves home and
returns as a teenager. ROBOT (Return of Bleichenbacher Oracle Threat)
is a 19-year-old vulnerability that allows RSA decryption and signing with the
private key of a TLS server. It allows for an adaptive-chosen ciphertext attack.
It is still very much relevant today as some modern HTTPS hosts are vulnerable
to ROBOT
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Feb. 2, 2018
It’s a special day here in the U.S. This morning, media folks were hovering
over a specific rodent living
in an eastern state to discover that we are in for six more weeks of winter,
apparently. ¯\_(ツ)_/¯ Guess we’ll stay inside and work on Metasploit…
EternalSunshine of the Security Minded
If you’re still
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Jan. 26, 2018
In last week’s wrap-up post, we raised
awareness of the new Metasploit 5 work we’re ramping up on. This week, please
GoAhead and enjoy some new Metasploit goodies!
Get Up, GoAhead
Based on research from danielhodson, hdm
and h00die put together a new module
4 min
XSS Bug Reports Made Easy
When attackers compromise a website with XSS, it is important to understand
what actually happened leading up to the exploit, as well as information on how
the exploit was performed, and have clear information on how to remediate.
The importance of this was recently illustrated to me in working with one of our
customers on an alert triggered by an XSS exploit
on the customer’s web application. This blog is an accoun
2 min
InsightVM
Vulnerability Management Year in Review, Part 3: Remediate
The wide impact of the Petya-like ransomware in
2017, mere weeks after WannaCry
exploited many of the same vulnerabilities, illustrated the challenge that
enterprises have with remediating even major headline-grabbing vulnerabilities,
let alone the many vulnerabil
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
1 min
Metasploit Weekly Wrapup
Metasploit Wrapup 1/19/18
Metasploit 5 Development Has Begun
It's 2018, the ice is melting in Austin, and as we hinted last October,
Metasploit 5 development
efforts have begun in earnest. We have a laundry list of features that we
are working on for it. The first feature merged in Metasploit 5
replaces the module cache, which decreases the memory used
2 min
Think Like a Hacker: Going Beyond Network Security
From health care companies to credit agencies and telecommunication firms,
hackers didn’t hold back in 2017. With no simple solution to hacking on the
horizon, it’s a safe bet that 2018 will come with its own share of data
breaches, compromises and concerns.
Short of pulling the plug and living in the dark, how can companies protect
their data and beat hackers at their own game?
It’s all in your head.
Key Characteristics To Thinking Like A Hacker
Here’s the bottom line: IT security fai
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre,
the future would seem a bit blurry. Louis Pasteur is attributed with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an individu
3 min
InsightAppSec
3 Questions to Ask When Prioritizing Web Application Vulnerabilities
Dynamic application security testing (DAST) often results in a constantly
evolving list of security vulnerabilities. When scanning a web application
in production or in an active testing environment, issues can crop up as quickly as changes
happen within the app. And when exposed to the internet itself, there are many
more ways in which security vulnerabilities
6 min
Log Management
Taking a Message-Based Approach to Logging
When you think about it, a log entry is really nothing more than a message that
describes an event. As such, taking a message-based approach to logging by
utilizing messaging technologies makes sense. Messaging creates the loose
coupling that allows a logging system to be adaptable to the needs at hand and
extensible over time.
Understanding a Standard Logging Architecture
Typically, logging is implemented in an application using a logger