9 min
Upcoming G20 Summit Fuels Espionage Operations
The international policy and financial community is in ferment for the upcoming
G-20 summit, scheduled to kick-off in St Petersburg, Russia, in two weeks from
now. The "Group of Twenty" consists of political leaders, finance ministers and
bank governors from 19 economically-prominent countries, along with
representatives of European Union institutions.
The group has been meeting regularly every year since 2008 in private meetings
where the participants discuss and agree on international financ
3 min
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
9 min
Malware
ByeBye Shell and the Targeting of Pakistan
Asia and South Asia are a theater for daily attacks and numerous ongoing
espionage campaigns between neighboring countries, so many campaigns that it's
hard to keep count. Recently I stumbled on yet another one, which appears to
have been active since at least the beginning of the year, and seems mostly
directed at Pakistani targets.
In this article we're going to analyze the nature of the attacks, the
functionality of the backdoor - here labelled as ByeBye Shell - and the quick
interaction I h
2 min
Microsoft
August Patch Tuesday
Oh noes! Fire! Look out! Run in circles, scream and shout! There's a remotely
exploitable, publicly disclosed, critical remote code execution vulnerability in
Microsoft Exchange (MS13-061)! Prepare for the end of teh interwebs.
But wait, is it really remotely exploitable? Well, not in the sense that user
interaction is not required, it's a parser issue that is only triggered by a
user opening a malicious message in Outlook Web Access (OWA).
Okay, but it's still publicly disclosed right? I mean
2 min
IT Ops
Field-level search
Back in July we announced a substantial improvement to our search functionality,
searching your log data with logical operators
. Today we are happy to announce
another big step in improving our search facility. You can now perform **
field-level searches **in Logentries.
Field-level searches allow you to search for events where a particular field is
equal to, less than or greater than a particular value and thus al
0 min
Metasploit
SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary
At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by
SecureNinja TV and social engineered into giving an interview. Here is the
result - captured for eternity:
Click here to download Metasploit Pro
3 min
IT Ops
Build your own SMS Alerts--Logentries and Clickatell Combined!
*
This is a guest blog post by Jason Ruane, the technical director at Moposa
, a place for brides and grooms to plan and manage their
wedding. In this post Jason, describes how he used Logentries webhook alerts and
Clickatell to receive Logentries alerts via SMS. Jason and his team are long
time users of logentries, analyzing all their logs from multiple servers in one
centralized, cloud location.
How I receive my Logentries
2 min
Nexpose
Bulk Asset Delete Operations via the Asset Filter Page
The latest release of Nexpose allows a user to delete multiple assets at once
via either the site page or the asset group listing page. However, if a user
needs to delete a range of assets which aren't represented by an existing site
or group he can use the Asset Filter page to build a query and then define an
asset group through which the bulk delete operation can be invoked.
Clicking on the Asset Filter button will bring up a new page that allows you to
build an Asset Filter query that can
3 min
IT Ops
How to Best Structure your Logs: Log Analysis Tips and Best Practices with Gal Segal from eToro
This week we have a guest blog post by Gal Segal. Gal is an engineer at eToro
, the worlds Largest Social
Trading & Investment Network. In this post Gal shares his thoughts on log
analysis best practices including tips on how best to structure your logs as
well as some useful patterns that can be applied within your log events. He also
discusses how to use Logentries’ new log search
functionality to more easily
7 min
Nexpose
Asset Discovery Troubleshooting Guide
This guide is designed to show you how to determine the cause of and solution to
the most common difficulties experienced during asset discovery in Nexpose.
The following common issues will be covered here:
1. None or only a few assets are found to be alive
2. Scan appears to hang or is taking too long after finding live assets
3. Incorrect number of open ports on one or more assets
After reviewing the issue that applies to your scan head down to the end of this
guide for detailed troubles
7 min
Nexpose
Simplifying Security Programs with Nexpose 5.7
We are pleased to announce the next version of Nexpose, version 5.7. This
release focuses on helping to provide context on how well your Security Program
is performing and helping you simplify your vulnerability management processes
to help you save time.
The last release of Nexpose, Nexpose 5.6
, introduced the
new Top Remediation
7 min
Metasploit 4.7's New MetaModules Simplify Security Testing
Even when offensive security techniques have been publicly discussed at
conferences and proof of concept code or open source tools are available, using
them in your projects can be very time consuming and may even require custom
development. Metasploit Pro
4.7 now introduces
MetaModules, a unique new way to simplify and operationalize security testing
for IT security professionals.
MetaModules automate common yet complicated security tests
2 min
Metasploit
Metasploit Design Contest: So Much Win!
You may recall that back in May, we announced a Metasploit design contest
to
commemorate 10 years of Metasploit -- and now, it's time to announce the (many)
winners! Once again, the open source security community has blown me away with
your creativity, dedication, and subversive humor. We had a total of 118 designs
(most of which did not suck!) from 55 designers. Not bad for a nearly completely
hashtag-driven contest! In
2 min
Rapid7 Perspective
If you can't explain it simply, you don't understand it well enough
You may have heard “If you can't explain it simply, you don't understand it well
enough.” This is a quote attributed to Albert Einstein that I immediately
thought of when I read about the newly-published risk metrics findings of the
Ponemon Institute study The State of Risk-Based Security Management. Of the
1,320 IT and security professionals surveyed, 59% said that security metrics
information is too technical to be understood by non-technical management.
Really!?
There's not a single thing as
2 min
Microsoft
Patch Tuesday - July Edition!
This month's patch Tuesday the polar opposite of last month's ho-hum,
here-we-go-again-with-the-patches exercise. There are 7 advisories and 6 of
those are critical issues allowing remote code execution. Basically everything
in the core Microsoft world is affected by one or more of these, every supported
OS, every version of MS Office, Lync, Silverlight, Visual Studio and .NET. It's
going to be a busy time for security teams everywhere.
For the first time ever Microsoft is addressing a singl