All Posts

3 min Komand

Security Orchestration Myths: Have You Heard These?

For many companies, the concept of security orchestration is still relatively new. Security operations teams are scrambling to find a way to keep up with the troves of alerts, threats, and issues, and wondering if security orchestration is really going to solve it all. Naturally, we hear all sorts of misconceptions about security orchestration — some that couldn’t be further from the truth. In this post, we’ll lay to rest some well-worn myths so that you can separate signal from noise and decid

4 min Nexpose

R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms

Summary Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encourage current hardware appliance owners to update their systems to harden their SSH configuration using the steps outlined under “Remediation” below. In addition,

3 min Vulnerability Disclosure

R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure

This post describes a vulnerability in Yopify (a plugin for various popular e-commerce platforms), as well as remediation steps that have been taken. Yopify leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. This poses a significant privacy risk for customers. This vulnerability is characterized as: CWE-213 (Intentional Information Disclosure). Product Description Yopify

4 min Automation and Orchestration

ISO/IEC 27035-2 Review (cont.) - Incident Classification and Legal/Regulatory Aspects

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series. ISO/IEC 27035 is a multi-part standard. Its first part introduces incident management principles. Its second part, ISO/IEC 27035-2, g

3 min Nexpose

InsightVM/Nexpose Patch Tuesday Reporting

Many of our customers wish to report specifically on Microsoft patch related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects Remediation Projects are a feature included in InsightVM that allow you to get a live view

4 min

Metasploit Wrapup 5/26/17

It has been an intense couple of weeks in infosec since the last Wrapup and we've got some cool things for you in the latest update. Hacking like No Such Agency I'll admit I was wrong. For several years, I've been saying we'll never see another bug like MS08-067, a full remote hole in a default Windows service. While I'm not yet convinced that MS17-010 will reach the same scale as MS08-067 did, EternalBlue has already

4 min Linux

Patching CVE-2017-7494 in Samba: It's the Circle of Life

With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm, today we see a new scary-and-potentially-incendiary bug hitting the Twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems. We strongly recommend that s

2 min Nexpose

Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose

Just when you'd finished wiping away your WannaCry tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerabil

3 min Komand

Announcing Chatbot Response Prompts

ChatOps is a big theme these days. IT operations, software engineers, security professionals, and many more utilize ChatOps as a popular way to collaborate with team members in real-time, and in one central location. Slack is often the app of choice for ChatOps; they have a robust API along with in-depth documentation on how to integrate with their product. They’ve also developed interactive features

1 min Komand

EMEA Cybersecurity Event Calendars

For both professionals and those who are interested, attending events has become a part of the norm in the cybersecurity space. We've helped security professionals find events with both our U.S. and Asia cybersecurity event calendars, and now we're expanding to EMEA. If you want to gain valuable insight about the latest in cybersecurity outside the US, we’ve put together a list of events throughout Europe, the Middle East, and Africa. Don’t miss out! Below, we feature 5 events you should defin

4 min Log Management

What is Syslog?

This post has been written by Dr. Miao Wang, a Post-Doctoral Researcher at the Performance Engineering Lab at University College Dublin. This post is the first in a multi-part series of posts on the many options for collecting and forwarding log data from different platforms and the pros and cons of each. In this first post we will focus on Syslog, and will provide background on the Syslog protocol. What is Syslog? Syslog has been around for a number of decades and provides a protocol used for

2 min Javascript

What are Javascript Source Maps?

It's generally a good practice to minify and combine your assets (Javascript & CSS) when deploying to production. This process reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This source map allows you to debug and view the source code of your compressed assets, as if you were actually working with the original CSS and Javascript source code. Take a look at jQuery minifi

3 min

Heroku Dynos Explained

What are Heroku Dynos? If you've ever hosted an application on Heroku, the popular platform as a service, you're likely at least aware of the existence of “Dynos”. But what exactly are Heroku Dynos and why are they important? As explained in Heroku's docs, Dynos are simply lightweight Linux containers dedicated to running your application processes. At the most basic level, a newly deployed app to Heroku will be supported by one Dyno for

4 min Container Security

Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of “infrastructure” remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway in their ability to spin up and take down new machines at will. Large chunks of critical processes and applications run in cloud services like Amazon Web Services (AWS) and Microsoft Azure. Containers hav

3 min Log Management

Active vs. Passive Server Monitoring

Server monitoring is a requirement, not a choice. It is used for your entire software stack, web-based enterprise suites, custom applications, e-commerce sites, local area networks, etc. Unmonitored servers are lost opportunities for optimization, difficult to maintain, more unpredictable, and more prone to failure. While it is very likely that your team has a log management and analysis initiative