Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in Metasploit v4.14.0 (Update 2017061301).
Routes used to stop running tasks (either a particular task or all tasks) allowed GET requests. Only POST requests should have been allowed, because the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenti
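The advisory's point is the general one: a route that changes server state must not be reachable by a plain GET, because the browser of a logged-in operator will issue that GET (with the session cookie attached) for any page an attacker can get them to view. The example below is written for this page and is not Metasploit Pro's code; the `TaskService`, `Request`, the two routers and the sample task state are all constructed here. It replays the same forged cross-site request against a router that answers any verb and a router that requires POST plus a per-session anti-CSRF token, which is the pattern Rails' `protect_from_forgery` implements.

```ruby
require 'securerandom'

# Constructed stand-in for the task service behind the stop/stop_all routes
# (example code for this page, not Metasploit Pro's own implementation).
class TaskService
  attr_reader :tasks

  def initialize
    @tasks = { 1 => :running, 2 => :running } # constructed sample state
  end

  def stop(id)
    @tasks[id] = :stopped if @tasks.key?(id)
  end

  def stop_all
    @tasks.each_key { |id| @tasks[id] = :stopped }
  end
end

# A request reduced to what matters for CSRF: verb, path, form params, and the
# session the browser attaches automatically, whoever built the request.
Request = Struct.new(:method, :path, :params, :session, keyword_init: true)

# VULNERABLE pattern: the stop routes answer any verb and only check that the
# session is logged in. A GET forged from another origin (for instance an
# <img src="https://console.example/tasks/stop_all"> on a page the operator
# views) runs with the operator's privileges.
class VulnerableRouter
  def initialize(service)
    @service = service
  end

  def call(req)
    return [401, 'login required'] unless req.session[:user]

    case req.path
    when %r{\A/tasks/(\d+)/stop\z}
      @service.stop(Regexp.last_match(1).to_i)
      [200, 'stopped']
    when '/tasks/stop_all'
      @service.stop_all
      [200, 'all stopped']
    else
      [404, 'not found']
    end
  end
end

# FIXED pattern: state-changing routes are POST-only, and the POST must carry
# the per-session token that the server-rendered form embeds as a hidden field.
# A cross-origin page cannot read the token, so it cannot build an accepted request.
class HardenedRouter
  def initialize(service)
    @service = service
  end

  # Minted once per session; the form includes it as
  # <input type="hidden" name="authenticity_token" value="...">.
  def self.csrf_token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(32)
  end

  def call(req)
    return [401, 'login required'] unless req.session[:user]

    case req.path
    when %r{\A/tasks/(\d+)/stop\z}
      id = Regexp.last_match(1).to_i
      guard(req) { @service.stop(id); [200, 'stopped'] }
    when '/tasks/stop_all'
      guard(req) { @service.stop_all; [200, 'all stopped'] }
    else
      [404, 'not found']
    end
  end

  private

  # Wrong verb first, then missing or invalid token; only then run the handler.
  def guard(req)
    return [405, 'method not allowed'] unless req.method == 'POST'

    expected = req.session[:csrf_token]
    given = req.params['authenticity_token']
    return [403, 'invalid authenticity token'] unless expected && given && secure_compare(expected, given)

    yield
  end

  # Constant-time comparison so the token cannot be recovered byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Replays the same forged cross-site requests against both routers and reports
# the resulting task state and status codes.
def csrf_demo
  forged_get = ->(session) { Request.new(method: 'GET', path: '/tasks/stop_all', params: {}, session: session) }

  vuln = TaskService.new
  VulnerableRouter.new(vuln).call(forged_get.call({ user: 'operator' }))

  fixed = TaskService.new
  session = { user: 'operator' }
  hardened = HardenedRouter.new(fixed)
  forged_get_status = hardened.call(forged_get.call(session))[0]
  forged_post_status = hardened.call(Request.new(method: 'POST', path: '/tasks/stop_all', params: {}, session: session))[0]
  token = HardenedRouter.csrf_token_for(session) # what the legitimate form would carry
  legit_status = hardened.call(Request.new(method: 'POST', path: '/tasks/1/stop',
                                           params: { 'authenticity_token' => token }, session: session))[0]

  { vulnerable_tasks: vuln.tasks, forged_get: forged_get_status, forged_post: forged_post_status,
    legit_post: legit_status, fixed_tasks: fixed.tasks }
end
```

Against the vulnerable router the forged GET stops every task; against the hardened one the forged GET gets 405, a forged POST without the token gets 403, and only the legitimate form submission (POST with the session's token) stops task 1. Note that requiring POST alone is not enough: an attacker can auto-submit a cross-origin form, so the token check is what closes the hole, and the verb restriction is what keeps a simple link or image tag from ever reaching the handler.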
Microsoft
Patch Tuesday - June 2017
This month sees another spate of critical fixes from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild (CVE-2017-8543 and CVE-2017-8464
Automation and Orchestration
Will Investing in Security Orchestration Make Your SIEM Obsolete?
As more companies continue to adopt security orchestration, many are now wondering if their security information and event management (SIEM) systems will soon become obsolete.
Security teams use SIEMs to manage and correlate alerts from detection tools with other data and logs. While SIEMs help to corral alerts and log data, they often don't do much to reduce the number of alerts or the investigative work required after an alert comes in.
Security teams have many
Vulnerability Management
Live Threat-Driven Vulnerability Prioritization
We often hear that security teams are overwhelmed by the number of vulnerabilities in their environments: every day they are finding more than they can fix. It doesn't help when rating schemes used for prioritization, like the Common Vulnerability Scoring System (CVSS), don't really work at scale or take the threat landscape into account. How do you know where to focus if your vulnerability management solution
InsightVM
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry vulns all in one dashboard in Splunk? We've got you covered.
Before you start, make sure you have these two apps installed in your Splunk App:
* Rapid7 Nexpose Technology Add-On for Splunk
* Rapid7 Nexpose for Splunk
Steps
1. Follow the directions in this blog post
Malware
The CIS Critical Controls Explained- Control 8: Malware Defenses
This is a continuation of our CIS critical security controls blog series.
Workstations form the biggest threat surface in any organization. The CIS Critical Security Controls include workstation and user-focused endpoint security in several of the controls, but Control 8 (Malware Defenses) is the only control to strictly focus on antivirus and malware across the organiza
Metasploit
Metasploit Wrapup 6/2/17
It has only been one week since the last wrapup, so it's not like much could have happened, right? Wrong!
Misery Loves Company
After last week's excitement with Metasploit's version of ETERNALBLUE (the exploit behind WannaCry), this week Samba had its own "Hold My Beer" moment with the disclosure that an authenticated (or anonymous) client can upload a shared library to a Samba server, and that server will happily e
DevOps
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins
Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most of which provide some sort of API. Dealing with the different APIs
InsightOps
How to Combine D3 with AngularJS
The Benefits and Challenges of D3 Angular Combination
Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But they can also be challenging and confusing, especially when you are new to these frameworks. The right way to incorporate D3 with Angular is to use custom directives. Directives in Angular are essentially functions that ar
Komand
Security Orchestration Myths: Have You Heard These?
For many companies, the concept of security orchestration is still relatively new. Security operations teams are scrambling to find a way to keep up with the troves of alerts, threats, and issues, and wondering if security orchestration is really going to solve it all.
Naturally, we hear all sorts of misconceptions about security orchestration, some of which couldn't be further from the truth. In this post, we'll lay to rest some well-worn myths so that you can separate signal from noise and decid
Nexpose
R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms
Summary
Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encourage current hardware appliance owners to update their systems to harden their SSH configuration using the steps outlined under "Remediation" below. In addition,
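The advisory's remediation steps are not reproduced on this page, so the example below is written here as a generic check, not Rapid7's procedure: it parses an `sshd_config`, reports which offered key-exchange, cipher, MAC and host-key algorithms fall on a list of commonly retired ones, and flags directives that are absent (in which case the sshd build's compiled-in defaults apply and need separate review). The `OBSOLETE` lists, the two sample configs and the function names are this example's own assumptions; the advisory does not say which algorithms the appliance actually shipped with.

```ruby
# Assumed lists of algorithms generally treated as obsolete (constructed for this
# example; the advisory does not name the appliance's specific algorithms).
OBSOLETE = {
  'kexalgorithms'     => /\Adiffie-hellman-group(1|14|-exchange)-sha1\z/,
  'ciphers'           => /\barcfour|3des-cbc|-cbc\z/,
  'macs'              => /\A(hmac-md5|hmac-sha1|umac-64)(-96)?(-etm@openssh\.com)?\z/,
  'hostkeyalgorithms' => /\Assh-dss\z/
}.freeze

# Constructed sample of a legacy-friendly sshd_config (not the appliance's file).
WEAK_SSHD_CONFIG = <<~CONF
  Port 22
  # legacy settings kept for old clients
  KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,curve25519-sha256@libssh.org
  Ciphers aes128-ctr,arcfour,3des-cbc,aes256-cbc
  Ciphers aes256-gcm@openssh.com   # ignored: sshd uses the first Ciphers line
  MACs hmac-md5,hmac-sha1,hmac-sha2-256
CONF

# Constructed hardened counterpart: every directive set explicitly, modern-only.
HARDENED_SSHD_CONFIG = <<~CONF
  Port 22
  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
CONF

# Returns, per directive, what the file offers and which entries are obsolete.
# Directives that are absent fall back to the sshd build's defaults and are
# listed under :unspecified so they get reviewed rather than assumed safe.
def audit_sshd_config(text)
  seen = {}
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?

    directive, value = line.split(/\s+/, 2)
    key = directive.downcase
    next unless value && OBSOLETE.key?(key)
    next if seen.key?(key) # sshd honours the first occurrence of a directive

    # A leading + or - (newer OpenSSH) edits the default list instead of
    # replacing it; the default entries themselves are not visible in the file.
    modifies_default = value.start_with?('+', '-')
    algos = value.sub(/\A[+-]/, '').split(',').map(&:strip)
    seen[key] = { offered: algos, obsolete: algos.grep(OBSOLETE[key]), modifies_default: modifies_default }
  end
  { directives: seen, unspecified: OBSOLETE.keys - seen.keys }
end

# True when anything needs attention: an obsolete algorithm offered, or a
# directive left to defaults.
def needs_hardening?(report)
  report[:directives].values.any? { |d| !d[:obsolete].empty? } || !report[:unspecified].empty?
end

if __FILE__ == $PROGRAM_NAME
  [['weak', WEAK_SSHD_CONFIG], ['hardened', HARDENED_SSHD_CONFIG]].each do |name, conf|
    report = audit_sshd_config(conf)
    puts "#{name}: needs hardening? #{needs_hardening?(report)}"
    report[:directives].each { |k, d| puts "  #{k}: obsolete=#{d[:obsolete].inspect}" }
    puts "  unspecified: #{report[:unspecified].inspect}"
  end
end
```

Reading the config file only tells you what the server was told to offer; to see what a running server actually negotiates, ask it from the network (for example `nmap -p 22 --script ssh2-enum-algos <host>`) and compare the result with `ssh -Q kex`, `ssh -Q cipher` and `ssh -Q mac` on a client of the OpenSSH version in question. After editing `sshd_config`, validate it with `sshd -t` before restarting the service so a typo does not lock you out of the appliance.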
Vulnerability Disclosure
R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure
This post describes a vulnerability in Yopify (a plugin for various popular e-commerce platforms), as well as remediation steps that have been taken. Yopify leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. This poses a significant privacy risk for customers. This vulnerability is characterized as CWE-213 (Intentional Information Disclosure).
Product Description
Yopify
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - Incident Classification and Legal/Regulatory Aspects
Synopsis
In the series of articles titled "Incident Response Life Cycle in NIST and ISO standards" I review the incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series.
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident management principles. Its second part, ISO/IEC 27035-2, g
Nexpose
InsightVM/Nexpose Patch Tuesday Reporting
Many of our customers wish to report specifically on Microsoft patch related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these.
Remediation Projects
Remediation Projects are a feature included in InsightVM that allow you to get a live view
Metasploit Wrapup 5/26/17
It has been an intense couple of weeks in infosec since the last Wrapup and we've got some cool things for you in the latest update.
Hacking like No Such Agency
I'll admit I was wrong. For several years, I've been saying we'll never see another bug like MS08-067, a full remote hole in a default Windows service. While I'm not yet convinced that MS17-010 will reach the same scale as MS08-067 did, EternalBlue has already