4 min Automation and Orchestration

What is Security Automation?

Security has always been a numbers game. Time to detection and time to response have been metrics security teams have sought to reduce since the beginning of time (or at least the beginning of computers…). But what does it take to actually reduce that number? If you’re reading this, we’re guessing you’re no stranger to the challenges in the world of security today. Between the security talent gap

5 min CIS Controls

The CIS Critical Controls Explained - Control 7: Email and Web browser protection

This blog is a continuation of our blog post series around the CIS Critical Controls. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls relate to workstation and user-focused endpoint security. It is also the reason that workstation security is a multibill

2 min Vulnerability Management

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about this issue, please don't hesitate to contact your custome

17 min Vulnerability Disclosure

R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities

Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems tested were offerings from Comcast XFINITY, ADT, and AT&T Digital Life, and the issues discovered ranged from an apparent "fail open" condition on the external door and

4 min Ransomware

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary and causing issues for some customers. *Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts that ar

6 min Ransomware

WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)

WannaCry Overview Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding computers for ransom at hospitals, government offices, and businesses. To recap: WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file sharing protocol. It spreads to unpatched devices directly connected to the internet and, once inside an organization, those machines and devices behind the firew

5 min Komand

Top Threat Actors and Their Tactics, Techniques, Tools, and Targets

With new threats emerging every day (over 230,000 new malware strains are released into the wild daily), it's tough to stay on top of the latest ones, including the actors responsible for them. A threat actor is an individual or group that launches attacks against specific targets. These actors usually have a particular style they prefer to focus on. In this post, we will do a deep dive into so

3 min Threat Intel

Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)

Basics of Cyber Threat Intelligence Cyber Threat Intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence is to help people make decisions about how to prevent, detect, and respond to threats against their networks. This can take a number of forms, but the one people almost always turn to is IOCs. IOCs, or indicators of compromise, are tech

3 min Metasploit

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM or Nexpose (Rapid7's vulnerability management solutions) with Metasploit (our penetration testing solution) is a lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules

4 min Ransomware

Wanna Decryptor (WNCRY) Ransomware Explained

Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst — literally — onto the scene with one of the initial targets being the British National Health Service. According to The Guardian: the “unprecedented attack… affected 12 countries and at least 16 NHS trusts in the UK, compromising IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert em

4 min Public Policy

White House Cybersecurity Executive Order Summary

Yesterday President Trump issued an Executive Order on cybersecurity: “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order (EO) appears broadly positive and well thought out, though it is just the beginning of a long process and not a sea change in itself. The EO directs agencies to come up with plans

1 min Vulnerability Disclosure

On the lookout for Intel AMT CVE-2017-5689

We've had some inquiries about checks for CVE-2017-5689, a vulnerability affecting Intel AMT devices. On May 5th, 2017, we released a potential vulnerability check that can help identify assets that may be vulnerable. We initially ran into issues with trying to determine the exact version of the firmware remotely, and so a potential check was released so that you would still be able to identify devices that may be impacted by this. We didn't stop there though. As part of yesterday's Nexpose rel

4 min InsightVM

Discovery of assets in Active Directory

Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset discovery. If you are able to tap into repositories or sources of assets, you

3 min

Simplifying Account Takeover Protection

Account takeover (ATO) is difficult to prevent because it can go unnoticed for years until a customer notices something is amiss. Detecting it ‘by hand’ is tedious and requires detailed logging as well as flexible query capability to survey for it. Many consumer-facing companies try to create in-house solutions, but it can take years to develop the tools to even do ‘machine assisted’ ATO detection. Even the

4 min Komand

The Real Cost of Manual Security Operations

More tools, processes, or people don’t always equal better security. In fact, the more you have to manage, the costlier it can get. But as threats evolve, technologies and processes change, and so too must security operations. If your security operations are highly manual today, this post will help you visualize what that is costing your organization, not just from a monetary standpoint, but from an efficiency and speed perspective, too. We’ll start by looking at the three major areas of secu