3 min
InsightAppSec
Scan Management with InsightAppSec: There’s More to Application Security than Long Lists of Vulnerabilities
Knowing what you are scanning, how often, and with how much success is vital to knowing your vulnerability data is accurate, up-to-date, and reflects your security position. InsightAppSec can help.
2 min
Patch Tuesday
Patch Tuesday - August 2018
Microsoft's updates this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573]
address over 60 vulnerabilities, 20 of which are classified as Critical. As
usual, most of this month's fixes are browser-related, and nearly half of the
flaws could lead to remote code execution (RCE). Patches for Exchange, SQL
Server, and Microsoft Office were also released.
Two of this month's vulnerabilities have already been seen exploited in th
4 min
Customer Perspective
Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management
Bow Valley College uses InsightVM dashboards to identify quick wins, measure
success, and communicate to senior leadership. James Cairns, database
administrator at Bow Valley College, gave us a look into their vulnerability
management journey with Rapid7.
It’s my job to assess vulnerabilities, facilitate patching, and work with the
rest of my infrastructure team to optimize our resources in order to stay on top
of security issues. As the database administrator for Bow Valley College in
Calgary,
2 min
Patch Tuesday
Patch Tuesday - June 2018
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573]
is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by
Microsoft. However, a bit of excitement came earlier this month, with an
out-of-band patch for Adobe Flash Player released last Thursday
[https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix
four security issues. Two of these were flaws that can lead
4 min
Vulnerability Management
CVE 100K: A Big, Round Number
There have been 100,000 CVEs published. That's a big, round number.
6 min
Vulnerability Management
CVE 100K: By The Numbers
There have been 100,000 CVEs published. Here are some stats on the program so far.
5 min
Vulnerability Management
Drupalgeddon Vulnerability: What is it? Are You Impacted?
First up: many thanks to Brent Cook [/author/brent-cook/], William Vu
[/author/william-vu/] and Matt Hand for their massive assistance in both the
Rapid7 research into “Drupalgeddon” and their contributions to this post.
Background on the Drupalgeddon vulnerability
The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28)
as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory
was released with a patch and CVE (CVE-2018-7600)
[https://www.rapid7.com/
2 min
InsightVM
Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine
SC Media has announced the 2018 SC Awards and (drumroll, please…)
InsightVM [https://www.rapid7.com/products/insightvm/] is proud to take top
honors as Best Vulnerability Management Solution in the Trust Awards category.
Our team works tirelessly day in and day out to bring SecOps best practices
[https://www.rapid7.com/solutions/secops/] to our customers, help our customers
secure their modern networks, and work across teams to solve their trickiest
problems. It means the world to us when th
5 min
Vulnerability Management
How to Remediate Vulnerabilities Across Multiple Offices
Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks
on its weekly scan. The report comes in, you fire it off to your IT team across
the country and...silence. Thinking they’re on it, you go on with your day,
until next week’s scan report comes in and you find out that not everything was
fixed and issues have progressed.
For companies with distributed offices, it can be tricky to communicate issues
to teammates you have limited facetime with, get things done quickly w
3 min
Patch Tuesday
Patch Tuesday - April 2018
Over 70 vulnerabilities have been fixed this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d],
including 6 in Adobe Flash
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007]
(APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]).
At a high level, there's nothing too out of the ordinary. Unfortunately, that
means the majority of the patched vulnerabilities are once ag
3 min
Vulnerability Management
Cisco Smart Install (SMI) Remote Code Execution
What You Need To Know
Researchers from Embedi discovered
[https://web.archive.org/web/20180828224625/https://embedi.com/blog/cisco-smart-install-remote-code-execution/]
(and responsibly disclosed) a stack-based buffer overflow weakness in Cisco
Smart Install Client code which causes the devices to be susceptible to
arbitrary remote code execution
[https://www.rapid7.com/fundamentals/what-is-remote-code-execution-rce/] without
authentication.
Cisco Smart Install (SMI) is a “plug-and-play” confi
3 min
Vulnerability Management
Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management
Today, we’re excited to announce a major milestone for InsightVM
[https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The
Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in
both the Current Offering and Strategy categories. We are proud of the
achievement not only because of years of hard work from our product team, but
also because we believe that it represents the thousands of days and nights
spent working with customers to understand the challen
2 min
Patch Tuesday
Patch Tuesday - March 2018
There are a lot of fixes this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d]:
Microsoft's updates include patches for 76 separate vulnerabilities, including
two critical Adobe Flash Player remote code execution (RCE) vulnerabilities
[https://helpx.adobe.com/security/products/flash-player/apsb18-05.html].
In fact, all of this month's critical vulnerabilities are browser-related. This
is not surprising considering web brows
4 min
CIS Controls
CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services
This is a continuation of our CIS Critical Control Series blog series. Need help
addressing these controls? See why SANS listed Rapid7 as the top solution
provider addressing the CIS top 20 controls
[https://www.rapid7.com/solutions/compliance/critical-controls/].
If you’ve ever driven on a major metropolitan highway system, you’ve seen it:
The flow of traffic is completely engineered. Routes are optimized to allow
travelers to reach their destinations as quickly as possible. Traffic laws
speci
2 min
Patch Tuesday
Patch Tuesday - February 2018
It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual
CVEs have been fixed
[https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft,
most of which (34) are rated "Important". As usual, most of the 14 considered
"Critical" are web browser vulnerabilities that could lead to remote code
execution (RCE). The most concerning non-browser issue is CVE-2018-0825
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825],
an RCE i