3 min
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)
In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...
2 min
Rapid7 Perspective
Standing with Massachusetts technology leaders in support of net neutrality
On Monday, Rapid7 will host Senator Edward J. Markey and a group of technology and business leaders from across Massachusetts as we stand in support of net neutrality. Together, we’ll affirm our commitment to a free and open internet that promotes growth and innovation and gives all users broad access to internet content.
At the heart of net neutrality is the principle that internet service providers must treat all content transmitted across the internet equally. In practice, this means that IS
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM, even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve rele
1 min
Vulnerability Management
CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability
I have Oracle Identity Manager running in my environment. What's going on? Am I vulnerable?
Recently, we’ve been getting more than a few questions about the Oracle Identity Manager vulnerability (CVE-2017-10151), which was rated by Oracle with the most critical CVSS score of 10. This is the highest possible CVSS score, which represents a vulnerability with a low complexity for
4 min
GDPR
GDPR Compliance Checklist: December – Assess & Review
With under six months to go until the General Data Protection Regulation (GDPR) comes into force, organizations that handle the personal data of EU citizens are preparing for this new compliance regulation. In order to help you through this new regulation, we’re creating a series of helpful blog posts to see you all the way to May 25th 2018. This GDPR-focused infographic covers the month-by-month high level topics. If you missed our November bl
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Dec. 1, 2017
Here in the U.S., we just celebrated Thanksgiving, which involves being thankful, seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice, slow week for security research in the States. Then we opened Twitter and were suddenly happy we had procrastinated and most of us had put off upgrading to High Sierra.
Community CTF
In case you missed yesterd
3 min
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)
Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.
2 min
Metasploit
Announcing the Metasploitable3 Community CTF
Been waiting for the Linux version of Metasploitable3 to drop? We’ll do you one better: Metasploit is giving the community a week to rain shells on a penguin-shaped Metasploitable3 instance—and to win prizes at the end of it. Play starts December 4; see below for full competition details.
TL;DR: Sign up, drop shells, win stuff.
Not into capturing flags but jonesing for a look at the code? We’ll release the Linux Metasploitable3 source code to the community soon after the competition ends. Happ
3 min
InsightAppSec
InsightAppSec Feature Highlights: On-Premise Engines, JIRA Integration, and More
Powerful Yet Simple DAST Scanning Gets Even Better
InsightAppSec, Rapid7’s cloud-powered web application security testing solution, has added three powerful new features:
* On-premise scan engines
* JIRA integration
* Scan Activity view
Test Your Internal Applications and Reduce Your Risk
Web application security testing
4 min
CVE-2017-16943: Exim BDAT Use-After-Free
Exim BDAT Use-After-Free (CVE-2017-16943): What You Need To Know
Turns out, the Exim Internet Mailer team was busy over the Thanksgiving holiday, after security researcher “meh” reported a pair of vulnerabilities in the wildly popular open source email server. The first, a critical remote execution vulnerability, is a use-after-free (UAF) vulnerability, dubbed CVE-2017-16943
3 min
InsightIDR
InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics, are now core to SIEM to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest and no parser hears it, the SIEM hath no sound.”
We’ve included endpoint visibility in InsightIDR since the beginning—it’
2 min
Detection and Response
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break down what you should do if your firewall is reporting excessive SYN packets.
5 min
Log Management
3 Steps to Building an Effective Log Management Policy
You’re on call duty. You’re awoken in the middle of the night by your cell phone in the throes of an SMS frenzy. You’re getting hundreds of messages from your company’s logging service: a record is being written to a database, code is being executed, a new container is being spun up, and on and on. None of these messages matter to you. You just turn off your phone and go back to sleep.
The next day you go into the office only to find out that half the racks in your datacenter went offline durin
5 min
Vulnerability Management
INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
INTEL-SA-00086 vulnerabilities? What’s Up?
(Full update log at the end of the post as we make changes.)
Intel decided to talk turkey this week about a cornucopia of vulnerabilities that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies Research — discovered in their chips. Yes: chips. Intel conducted a comprehensive review of their Intel® Management Engine
4 min
Vulnerability Management
The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know
JoltandBleed vulnerabilities? What’s Up?
Oracle recently issued emergency patches for five vulnerabilities:
* CVE-2017-10272 is a memory disclosure vulnerability; exploiting it gives an attacker a chance to remotely read the memory of the server.
* CVE-2017-10267 is a stack overflow vulnerability.
* CVE-2017-10278 is a heap overflow vulnerability.
* CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force passwords of DomainPWD which i