
2 min Nexpose

Nexpose API: SiteSaveRequest and IP Addresses vs Host Names

With the release of Nexpose 5.11.1 we made some changes under the hood that improved scan performance and scan integration performance. As a result of those changes, the rules applied to using SiteSaveRequest in API 1.1 became stricter, which may have caused issues for some users. In the past this "worked" for the most part, though there were certainly side effects observable in the Web interface after the fact. Since these issues were not a

2 min Patch Tuesday

SChannel and MS14-066, another Red Alert?

This has been a busy Patch Tuesday for Microsoft. Of the fourteen bulletins, four of which were deemed critical, MS14-066 has been getting significant attention. This vulnerability, CVE-2014-6321, affects Windows Secure Channel (SChannel) and was discovered privately by Microsoft through an in

3 min IT Ops

JSON Formatting of Windows Events: It's Hot!

It seems like everyone in DevOps has been talking about JSON recently – JSON is hot! Logentries has written a few posts covering this topic, covering What is JSON, Common Problems Solved with JSON, and our Exporting as JSON. However, we thought it would be beneficial to dive into some more specific applications. We already wrote about a few, namely JSON a

3 min Cloud Infrastructure

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow IT and to enable your business to use it securely to increase productivity and keep up with the market. Step one: Find out which cloud services your organization is u

3 min User Behavior Analytics

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised credentials, from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight monitors all administrator access to Amazon Web Services, so you can detect compromised credentials before they

4 min IT Ops

Unlimited Logging: A New Chapter in Log Management

It’s no secret that log data is quickly becoming one of the most valuable sources of information within organizations. There are open source, on-premise, and cloud-based solutions to help you glean value from your logs in many different ways. Largely, organizations use logs for debugging during development, for monitoring and troubleshooting production systems, for security audit trails and forensics, and (more and more) for different business use cases that transcend product management and mar

3 min IT Ops

The Role of Logging in the Internet of Things

Let’s explore the importance of logging from IoT devices… The IoT is defined as the interconnection of uniquely identifiable embedded computing devices within an existing internet infrastructure. In plain English, the IoT is expected to enable the advanced connectivity of devices and systems, which would involve machine-to-machine communications (M2M). The IoT is still in its early stages, but some analysts predict that the IoT will boost the glob

4 min IT Ops

What Is JSON? An Introductory Guide

Some days it’s hard to remember if Moore’s law applies to increasing computer power or the number of technologies and breadth of terminology impacting our daily work. JSON, short for JavaScript Object Notation, continues to gain momentum in our increasingly connected world. Reading this primer will give you a baseline understanding so you can start having intelligent conversations about the pros and cons of using JSON with your team.

1 min CISOs

Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"

Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live Oct. 30th webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity Awareness month webcast where we were joined by a panel of experts: Brian Betterton - Director, Security, Risk and Compliance at Reit Management & Research; Trey Ford - Global Security

3 min IT Ops

Logging Activity in a Smart Home

The Smart Home concept is a subset of the Internet of Things (IoT). The core idea is to connect “things” (digital devices) to each other to facilitate communication, feedback, and alerting; in essence, connecting the physical world with the digital world. We are installing new sensors and actuators into everyday devices, which is leading to new IoT and Smart Home services by integrating existing solutions and technologies. The IoT network is growing at an unbelievable pace. From just 2 billion obje

3 min Vulnerability Disclosure

R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access

Introduction: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with an FTP target. This vulnerability allows an attacker operating a malicious FTP server to create arbitrary files, directories, and symlinks on the user's filesystem. The symlink attack allows file contents to be overwritten, including binary files, and access to the entire filesystem wit

2 min Nexpose

Improve your scan performance with Scan Engine pooling

You can improve the speed of your scans for large numbers of assets in a single site by pooling your Scan Engines. With pooling, the work it takes to scan one large site is split across multiple engines to maximize pool utilization. Additionally, engine pooling can assist with fault tolerance. For example, if one Scan Engine in the pool fails during a scan, the scanning tasks for that asset are transferred to another engine within the pool. Available with the release of Nexpose 5.11, thi

5 min Incident Response

Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus

Based on a common pain and your positive feedback on last month's blog post entitled "Don't Be Noisy", we have started significantly expanding the scope of our noise reduction efforts. Rather than reinvent the great technology that intrusion detection/prevention systems (IDS/IPS), firewalls, and anti-virus products offer, we are aiming to provide an understanding of the massive amounts of data produced b

3 min IT Ops

Shared Services: The Unicorn Every DevOps is Looking For

In my hunt for the mysterious DevOps practice, I’ve been let down. DevOps are hard to find. When you find them, they do not exactly do what you think they should do. Some DevOps teams only execute on automation for dev; others are operations folks with a new name; and still others are internal consultants helping operations and developers (but not actually doing the work). In my DevOps scavenger hunt I have identified a new type of creature: shared services (aka the unicorn). What I have

17 min Project Sonar

R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities

Overview: In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated so that internal, assumed-trusted users behind a NAT device can allow external users to access internal TCP and UDP services for things like Apple's Back to My Mac and file/media shar