8 min
Vulnerability Management
ScanNow DLL Search Order Hijacking Vulnerability and Deprecation
Overview
On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability
in Rapid7's ScanNow tool. Rapid7 takes security issues seriously and this was
no exception. In combination with a preexisting compromise or other
vulnerabilities, and in the absence of sufficient mitigating measures, a system
with ScanNow can allow a malicious party to execute code of their choosing
leading to varying levels of additional compromise. In order to protect the
small community of users who ma
2 min
IT Ops
How to Log Messages from Slack
We recently added support for unedited HTTP logging in Logentries. This means
you can send us log data via HTTPS drain (from heroku), or via any webhook you
want.
One webhook that we’ve been looking to log for a while is Slack
.
People are always chatting away on Slack, and this data might be useful some
day. You can send the data into Logentries however you want, and then worry
about what to do it when you actually need it!
First, you’ll need to
5 min
Vulnerability Disclosure
CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
On December 18th, 2015 Juniper issued an advisory
indicating that they had discovered unauthorized code in the ScreenOS software
that powers their Netscreen firewalls. This advisory covered two distinct
issues; a backdoor in the VPN implementation that allows a passive eavesdropper
to decrypt traffic and a second backdoor
3 min
Nexpose
Have JBoss, Jenkins, WebLogic, WebSphere based applications? Brace yourself, they've got an unwanted Christmas present for you!
Java based server applications are prevalent throughout most corporate
networks. Thousands, if not millions, of applications are deployed using JBoss,
Jenkins, WebLogic and WebSphere - so when a vulnerability affecting the
underlying technology pops up, the impact can be significant. A vulnerability
was recently discovered affecting any Java application which can receive data
back from users, allowing malicious actors to insert unsafe data as it attempts
to ingest the information. The applica
0 min
Rapid7 Culture
Holiday greetings from all of us at Rapid7!
As we reach the end of December and the end of the year, we wanted to take a
moment to pause and recognize what an amazing year it has been -- and how
grateful we are to EVERYONE who made 2015 so memorable. That's why we put
together this short video as a way to say, quite simply, thank you.
(Please note: If you see a grey box instead of a video above, the player may
take a moment to load.)
Happy holidays and happy new year!
~ @mvarmazis
6 min
API
AppSpider's Got Swagger: The first end-to-end security testing for REST APIs
We are thrilled to announce a major new innovation in application security
testing. AppSpider is the first Dynamic Application Security Testing (DAST)
solution capable of testing Swagger-enabled APIs. Swagger is one of the most
popular frameworks for building APIs and the ability to test Swagger-enabled
APIs is not only a huge time savings for application security testing experts,
but also enables Rapid7 customers to more rapidly reduce risk.
Why does this matter?
Modern applications make liber
2 min
Metasploit
How to Avoid Common Mistakes in your Metasploit Community/Pro License Key Request
As a result of export restrictions placed on Metasploit Community and Pro
trials, this year we have introduced some new systems to help process license
requests. We have received a lot of questions about this, and this post will
hopefully answer some of them for you. If you haven't read the original blog
post about the export controls
, please take a moment to review the information there on the updates an
2 min
Nexpose
More TLS Improvements in Nexpose 6.1.2
After releasing TLS Coverage Improvements in Nexpose 6.0.2
we figured that the
Nexpose Security Console should be able to abide by our own suggestions. Last
year we had already disabled SSLv3 support by default and allowed configuring
what other protocols are enabled on the console as well. With this week's
release we're limiting the TLS cipher suites available to the console's web
server by default. Similar to the protocols, the cipher suit
12 min
Vulnerability Disclosure
Multiple Disclosures for Multiple Network Management Systems
Today, Rapid7 is disclosing several vulnerabilities affecting several Network
Management System (NMS) products. These issues were discovered by Deral Heiland
of Rapid7 and independent researcher Matthew
Kienow , and reported to vendors and CERT
for coordinated disclosure per Rapid7's disclosure policy. All together, we're
disclosing six vulnerabilities that affect four NMSs, four of which are expected
to be patched by the time o
3 min
IT Ops
Logentries recognized by Docker as Ecosystem Technology Partner for Logging
Since last year, we’ve anticipated the impact of Docker
and have been building integrations
– first as experiments
and later as
full-blown solutions
. It’s therefore
with great pleasure that we’re announcing our recognition by Docker as an
Ecosystem Technology Partner for Logging.
Why Monitor Docker Logs?
Most teams that
10 min
Vulnerability Disclosure
R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)
ManageEngine Desktop Central 9
suffers from a
vulnerability that allows a remote attacker to upload a malicious file, and
execute it under the context of SYSTEM. Authentication is not required to
exploit this vulnerability.
In addition, the vulnerability is similar to a ZDI advisory released on May 7th,
2015, ZDI-15-180 . This
advisory specifically mentions computerName, and this is
5 min
SIEM
5 Ways Attackers Can Evade a SIEM
I've been in love with the idea of a SIEM
since I was a system administrator.
My first Real Job™ was helping run a Linux-based network for a public
university. We were open source nuts, and this network was our playground.
Things did not always work as intended. Servers crashed, performance was
occasionally iffy on the fileserver and the network, and we were often
responding to outages.
Of course, we had tools to alert us when outages were going on. I
5 min
IT Ops
Analysing Hystrix metrics with Logentries
We’ve been using Hystrix in
production here at Logentries for over a year now [shameless plug: I briefly
talked about this
at a Clojure Ireland meetup recently :)] and have found it useful not only for
bulkheading requests, but
for getting fine-grained metrics for internal API calls.
Netflix has also open-sourced a funky dashbo
1 min
Nexpose
Configuring the SNMP request timeout
The SNMP protocol is very common, has many implementations and is deployed in
diverse networks. In some cases it responds very promptly, in others it is
relatively slow to respond. We found that in some environments a 1 second
request timeout was insufficient, so in Nexpose 6.1.1 we have changed the
default to 3 seconds in order to improve the service and related vulnerability
detection.
This, however, can have a major impact on scan times on port 161 and may not be
desirable on networks with l
5 min
Rapid7 Culture
Rapid7 Belfast Office First Hackathon!
What an exciting year 2015 has been to work at Rapid7! We had our IPO and made
two awesome acquisitions' in NT OBJECTives (NTO) and Logentries. Another of the
many notable events that have occurred over the past 18 – 24 months has been the
growth seen in the size of the products team. At the core of this expansion has
been the Belfast R & D office, which has now been established for almost 2
years. Leonardo da Vinci said, “One shall be born from small beginnings which
rapidly become vast.” This