2 min
Detection and Response
The Legal Perspective of a Data Breach
The following is a guest post by Christopher Hart, an attorney at Foley Hoag and
a member of Foley Hoag’s cybersecurity incident response team. This is not meant
to constitute legal advice; instead, Chris offers helpful guidance for building
an incident preparation and breach response framework in your own organization.
A data breach is a business crisis that requires both a quick and a careful
response. From my perspective as a lawyer, I want to provide the best advice and
assistance I possibl
23 min
Komand
An Interview with Rebekah Brown, Co-Author of Intelligence-Driven Incident Response
We recently interviewed Rebekah Brown for our Defender Spotlight series
on the topic of her life
as a cybersecurity defender. When we spoke with her, she also talked in-depth
about how threat intelligence can inform and improve the incident response
lifecycle.
Rebekah practices these concepts in her day-to-day life as a defender, and she’s
even co-authored a book on this very topic called Intelligence-Driven Incident
Response
3 min
Nexpose
AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan
AWS instances present many challenges to security practitioners, who must manage
the spikes and dips of resources in infrastructures that deal in very
short-lived assets. Better and more accurate syncing of when instances are spun
up or down, altered, or terminated directly impacts the quality of security
data.
A New Discovery Connection
Today we’re excited to announce better integration between the Security Console
and Amazon Web Services with the new Amazon Web Services Asset Sync discovery
c
1 min
Patch Tuesday
Patch Tuesday - September 2017
It's a big month, with Microsoft patching
85 separate vulnerabilities including the two Adobe Flash Player Remote Code
Execution
(RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing
recent trends, the bulk of Critical RCE vulnerabilities are client-side,
primarily in Edge, IE,
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
, is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
4 min
Government
Cybersecurity for NAFTA
When the North American Free Trade Agreement (NAFTA) was originally negotiated,
cybersecurity was not a central focus. NAFTA came into force – removing
obstacles to commercial trade activity between the US, Canada, and Mexico – in
1994, well before most digital services existed. Today, cybersecurity is a major
economic force – itself a large industry and important source of jobs, as well
as an enabler of broader economic health by reducing risk and uncertainty for
businesses. Going forward, cybe
3 min
Automation and Orchestration
RSA (Rivest, Shamir and Adleman)
Synopsis
Rivest, Shamir & Adleman (RSA) is the public key cryptosystem. The phenomenon
of data transmission is secured through it. The letters “RSA” are the initials
of the inventor of the system. Four steps are incorporated in this algorithm:
Encryption, Decryption, Key Distribution and Key Generation. After the
development of public-key cryptography, the most famous cryptosystem in the
world is RSA. In order to maintain proper security, the decryption exponent of
RSA must be greater than cer
3 min
Automation and Orchestration
What is Data Encryption Standard (DES)?
Synopsis
The Data which is encrypted by symmetric key method is called Data Encryption
Standard (DES). It was prepared by IBM Team in 1974 and declared as national
standard in 1977. Government was also using cryptography, especially in
diplomatic communication and military. Without cryptography it’s difficult to
interpret military communication. Cryptography was also used in commercial
sector. Federal Information Processing Standard (FIPS) was also working on DES.
FIPS was integrated with comput
4 min
Komand
How to Use Your Threat Model as a Guidepost for Security
The threats you face are unique to your company's size, industry, customer base,
and many other factors. So your approach to protecting your
organization's digital data should be unique, too.
In this post, we’ll cover a framework to develop an effective threat model that
will fits your organization's unique needs.
The Factors that Determine Your Unique Threat Model
There are many factors that can determine your threat model. And while this will
vary from company to company, we've identified th
5 min
Authentication
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls
and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze
fixed all three issues by May 6, 2017, and user action is not required to
remediate. Rapid7 thanks Fuze for their quick and thoughtful response to these
vulnerabilities:
* R7-2017-07.1, CWE-284 (Improper Access Control)
: An unauthenticated remote
attacker can enumerate through MAC addr
1 min
Metasploit
Metasploit: The New Shiny
It's been a while since I've written a blog post about new stuff in Metasploit
(and I'm not sure if the
editors will let me top the innuendo of the last one
). But I'm privileged to
announce that I'm speaking about Metasploit twice next month: once at the FSec
17 Conference in Varaždīn, Croatia September 7-8, and a
second time at UNITED 2017
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: August 11, 2017
Slowloris: SMB edition
Taking a page from the Slowloris HTTP DoS attack
, the
aptly named SMBLoris DoS attack
exploits a vuln contained in many Windows releases (back to Windows 2000) and
also affects Samba (a popular open source SMB implementation). Through creation
of many connections to a target's SMB port, an attacker can exhaust all
available memory on the target by sendi
2 min
Metasploit
Hack with Metasploit: Announcing the UNITED 2017 CTF
Got mad skillz? Want mad skillz? This year at Rapid7's annual UNITED Summit
, we're hosting a first-of-its-kind Capture
the Flag (CTF) competition. Whether you're a noob to hacking or a grizzled pro,
you'll emerge from our 25-hour CTF with more knowledge and serious bragging
rights. Show off your 1337 abilities by competing for top prizes, or learn how
to capture your first ever flag. Read on for details, and if you haven't already
done so, register for UNITED
9 min
How to Prevent XSS Attacks
In my last post, we covered what is XSS and why it’s so hard to prevent, which
can seem overwhelming, given what we know now. With even major web sites making
mistakes should the rest of us just give up unplug our internet connections and
go read a book? Of course not, there are a number of techniques that the
community has developed to mitigate the risks of XSS. Here’s what we can do to
prevent XSS attacks.
Training
The first line of defense is Training the developers. At this point, it is
7 min
Research
Remote Desktop Protocol (RDP) Exposure
The Remote Desktop Protocol, commonly referred to as RDP, is a proprietary
protocol developed by Microsoft that is used to provide a graphical means of
connecting to a network-connected computer. RDP client and server support has
been present in varying capacities in most every Windows version since NT
. Outside of Microsoft's offerings,
there are RDP clients available for most other operating systems. If the nitty
gritty of protocols is your thing, Wiki