3 min
Vulnerability Management
Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know
On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573] being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]), .NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
8 min
Vulnerability Management
Understanding Ubiquiti Discovery Service Exposures
On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.
4 min
InsightVM
Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure
Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.
3 min
Research
Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know
Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
2 min
InsightVM
Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities
InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.
3 min
InsightVM
How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations
Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.
3 min
AWS
Rapid7 Partners with AWS Security Hub for Deeper Vulnerability Reporting
Last month, we were thrilled to announce our integration with AWS Security Hub at AWS re:Invent.
5 min
InsightVM
Did You Remediate That? New InsightVM Executive Report Provides Key Details on Team Progress
We have developed the InsightVM Executive Report so that companies can easily report on month-over-month trends in their vulnerability management programs.
2 min
Whiteboard Wednesday
Whiteboard Wednesday: Common Vulnerabilities as Personified by Halloween Costumes
As a security professional, you don’t need a haunted house to feel spooked this Halloween—just start exploring your environment in search of vulnerabilities.
5 min
InsightVM
Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk
Here is a first-hand look at how we quantify the Real Risk Score and how this helps practitioners address the top vulnerabilities in their ecosystems.
2 min
Vulnerability Management
Take a Bite out of the Vulnerability Remediation Backlog with InsightVM
Security teams dealing with expanding networks and increasingly sophisticated attacks can use InsightVM to help stay on top of their vulnerability backlog.
2 min
Patch Tuesday
Patch Tuesday - October 2018
This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.
3 min
Patch Tuesday
Patch Tuesday - September 2018
More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).