5 min
IT Ops
Logging OwnTracks to Logentries
A previous blog
showed how MQTT logs can be sent to Logentries for storage, analysis and how
those logs can be to alert on potential MQTT security threats, as well as to
store and visualize sensor data. This blog follows that by showing how to build
a fully connected IoT system composed of the OwnTracks iOS app as an MQTT
publisher, a Raspberry Pi with Mosquitto embedded as an MQTT messaging broker
and Logentries as
2 min
Nexpose
Patch Tuesday, October 2016
October continues a
long running trend with Microsoft's products where the majority of bulletins (6)
address remote code execution (RCE) followed by elevation of privilege (3) and
information disclosure (1). All of this month's critical bulletins are remote
code execution vulnerabilities, affecting a variety of products and platforms
including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services
and Web Apps, Sharepoint as
4 min
Android
Pokemon Go, Security, and Obsolescence
Pokemon Go started it.
The crusty old house cell phone, which we had years ago ported from a genuine
AT&T land line to a T-Mobile account, suddenly caught the attention of my middle
son.
> "Hey Dad, can I use that phone to catch Pokemon at the park?"
"Sure! Have fun, and don't come back until sundown!"
A few minutes later, he had hunted down his first Pikachu, which apparently
required running around the block in Texas summer heat a few times. Sweat-soaked
but proud, he happily presented hi
5 min
IT Ops
Logging Mosquitto Server logs (from Raspberry Pi) to Logentries
The Internet is evolving and part of this is the emerging Internet of Things
(IoT). IoT allows us to use the Internet to seamlessly connect the cyberspace
and real world using physical sensors at huge scale, allowing us to gather and
analyze the data across many domains. It is estimated that there will be 20
billion Things connected to the Internet by 2020, generating an enormous amount
of data.
A previous blog post
3 min
Awards
Rapid7 On Top in SANS Top 20 Critical Security Controls
Being great is, well… great, right? But as we all know it doesn't happen in a
vacuum, it's an equation:
Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships
Coincidentally (or not), these items make up three of the five core values we
strive towards here at Rapid7 – the other two play a role as well in
‘Disciplined Risk Taking' and ‘Continuous Learning', but we all know blog posts
need three things, it's some sort of Internet rule. Now, let's be honest, public
displ
3 min
Komand
How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts
You have the tools to detect and notify your team about security threats. You’ve
hired the best security practitioners who know what an effective security
posture looks like. You’re all set to stop attackers from compromising your
systems.
Just one more thing: How can you maximize the value of these resources,
especially in the face of complex threats and a huge volume of alerts?
While processes can go a long way in harmonizing your tools and personnel to
accelerate tedious tasks such as alert
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports and NIST 800-53
controls
mapping . Last
week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how compliant you are overall,
understand where you need to
7 min
Vulnerability Disclosure
R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump
Today we are announcing three vulnerabilities in the Animas OneTouch Ping
insulin pump system, a popular pump with a blood glucose meter that services as
a remote control via RF communication. Before we get into the technical details,
we want to flag that we believe the risk of wide scale exploitation of these
insulin pump vulnerabilities is relatively low, and we don't believe this is
cause for panic. We recommend that users of the devices consult their healthcare
providers before making major
3 min
Automation and Orchestration
Cross Site Scripting (XSS) Attacks
Synopsis
Cross Site Scripting (XSS) Attacks
are the second
category of the three largest web attacks used today. Here, we’ll set up a node
server to demonstrate an XSS attack, see browser based XSS prevention, and
finally discuss what further exploits exist based on this attack.
Setup
Here’s our normal, tiny node server to demonstrate XSS.
Create the file server.js as follows:
var http = require('http');
var url = require('url');
3 min
Nexpose
Simplifying BIG Data Within Information Security Applications
Rapid7 wants to help organizations leverage all their data to gain powerful
insights into their data security
, find and fix exposures
that lead to compromise. The User Experience (UX) team at Rapid7 designed a set
of tools that help users handle the volume and complexity of their data to make
it simple to analyze and remediate on time. But this wasn't a simple task; it
took us about a year and a long process of discovery, analysis, strategy,
r
2 min
Managed Detection and Response (MDR)
38 Questions to Ask Your Next MDR Provider
Managed Detection and Response (MDR)
services are still a relatively new concept in the security industry. Just
recently, Gartner published their first Market Guide on Managed Detection &
Response , which further defines
the MDR Services market. MDR Services combines human expertise with tools to
provide 24/7 monitoring and alerting, as well as remote incident investiga
7 min
Komand
Defender Spotlight: Mike Arpaia of Kolide
Welcome to Defender Spotlight! In this monthly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide
.
Mike is the original creator of osquery , which he created,
open-sourced, and widely deployed while work
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat
Exposure Analytics, and Liveboards, powered by the Insight Platform. These
capabilities help organizations using our vulnerability management solution
to spot changes as
it happens and prioritize risks for remediation.
We've also been working on a new way for organizations to get a re
2 min
Nexpose
Vulnerability Remediation with Nexpose
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by
the Insight Platform. These capabilities help organizations using our
vulnerability management solution to spot changes as it happens and prioritize
risks for remediation.
We've also been working on a new workflow tool to streamline the next part of
the job - fixing exposures. Remediation Workflow (Beta) allows you to convert
exposures into
3 min
Malware
Malware and Advanced Threat Protection: A User-Host-Process Model
In today's big data and data science age, you need to think outside the box when
it comes to malware and advanced threat protection
.
For the Analytic Response team at our 24/7 SOC in Alexandria, VA, we use three
levels of user behavior analytics to identify and respond to threats. The model
is defined as User-Host-Process, or UHP. Using this model and its supporting
datasets allows our team to quickly neutralize and pr