2 min
InsightCloudSec
What's New in DivvyCloud by Rapid7: April 2021
This month, we’d like to focus on one key area of change included in this release: the scheduler.
3 min
InsightCloudSec
DivvyCloud by Rapid7: Feature Release 20.7
This well-rounded release includes a new Microsoft Azure Security Pack, expanded support for Azure resources, added AWS support, and several enhancements applicable to all clouds.
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web apps
[https://www.rapid7.com/products/insightappsec/].
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
  * Macro Recorder
  * Traffic Viewer
  * RegEx Builder
  * Swagger/Rest API Utilit
3 min
Release Notes
Weekly Metasploit Wrapup
Scanning for the Fortinet backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see
how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
[*]
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
4 min
Release Notes
Significantly Enhanced, yet Simplified Reporting
The new year is just around the corner and the Internet has been available to
users for almost two decades now. We have had user experiences that have pushed
the boundaries with software, touchscreen devices and mobile applications. We
are now witnessing radical changes in user expectations. We at Rapid7 are
constantly striving to understand these expectations and live up to them.
At Rapid7, our mission is to solve complex security challenges with simple,
innovative solutions that offer speed w
3 min
Release Notes
Security Configuration assessment capabilities that meet your needs with Nexpose 5.4
A great-looking new feature has been added to our configuration assessment
component in Nexpose 5.4: the ability to customize policies to meet your unique
contextual needs, i.e. needs that are specific to your environment. You can now
copy a built-in policy and edit its configuration, including the policy check
values, to test your assets for compliance. This flexibility allows for
custom, accurate and relevant configuration assessment.
Configuration assessment is important to assess the r
2 min
Release Notes
Getting the Most from Customizable CSV Exports - Part 6
Hi, my name is Eden Martinez, and I'm a Federal Sales Engineer with Rapid7.
Larger environments often list scalability as one of their top problems;
specifically, too much data. With current tools, it's not hard to generate large
data sets. Most tools are comprehensive, with a focus on "the largest list of
results wins." While you can turn all the knobs on Nexpose up to 11, I've found
many enterprise environments prefer to focus on prioritization of
vulnerabilities and trending of the results. M
3 min
Release Notes
SOC Monkey - Week in Review - 4.6.2012
Welcome back to my weekly wrap up of trending stories displayed on my SOC Monkey
App, which as I've mentioned, is free in the Apple App Store. Go! Download!
This week, one of the top stories was the Flashback Trojan and the unpatched
Java Vulnerability in Mac OS X. The top tweet comes to us from Ars Technica:
Flashback trojan reportedly controls half a million Macs and counting
[http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars]
4 min
Release Notes
Configuration assessment and policy management in Nexpose 5.2
We love our policy Dashboards. They are new, hot, intuitive, robust and really
useful. In our latest release of Nexpose, version 5.2, we've made two major
enhancements to our configuration assessment capabilities:
* A policy overview dashboard: To understand the current status of compliance
of configurations delivering a summary of the policy itself.
* A policy rule dashboard: To provide further details for a particular rule and
the current compliance status for that rule.
What makes th
1 min
Release Notes
SOC Monkey - FREE and in the App Store now!
The name's Monkey. SOC Monkey.
I'm here to provide you with a new free app for the iPhone/iPad/iPod Touch that
will search through infosec topics that are trending on the social web. I'll
also rank them based on what the biggest news items and hottest topics are, so
you can make sure to get your banana's worth.
Now, I'm not going to just barrage you with links. I'm going to use my
incredibly advanced simian brain to curate these news items, so you can focus
more on what you need to get don
2 min
Metasploit
Metasploit 4.2 Released: IPv6, VMware, and Tons of Modules!
Since our last release in October, we've added 54 new exploits, 66 new auxiliary
modules, 43 new post-exploitation modules, and 18 new payloads -- that clocks in
at just about 1.5 new modules per day since version 4.1. Clearly, this kind of
volume is way too much to detail in a single update blog post.
IPv6 Coverage
Metasploit 4.2 now ships with thirteen brand new payloads, all added to support
opening command sessions and shells on IPv6 networks. In addition, Metasploit's
existing arsenal of p
3 min
Release Notes
Nexpose Reaches OWASP Top10 Coverage
Rapid7 is proud to announce that Nexpose's 5.1 web application scanning
capabilities can now detect all types of vulnerabilities in OWASP's Top10
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]! We've
completed this task with the addition of two new vulnerability checks, A5:
Cross-Site Request Forgery (CSRF)
[https://www.owasp.org/index.php/Top_10_2010-A5] and A8: Failure to Restrict URL
Access [https://www.owasp.org/index.php/Top_10_2010-A8]. The next paragraphs
will describe
2 min
Release Notes
Metasploit Framework Updated: FastLib and More
Metasploit development moves fast. Blindingly fast, fueled by tons of open
source contributors -- which is one of the reasons why we moved away from our
tried and true SVN repository and on to GitHub. Now that we're on a more modern,
more social development platform, we have all new ways to get overwhelmed with
the pace of change on the Framework, especially since contributor code is that
much easier to integrate now. So, in order to ensure that the more notable
week-over-week changes get their
3 min
Release Notes
Exploit for critical Java vulnerability added to Metasploit
@_sinn3r [http://twitter.com/_sinn3r] and Juan Vazquez
[https://twitter.com/#!/_juan_vazquez_] recently released a module which
exploits the Java vulnerability detailed here
[http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian
Krebs here
[http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits].
This is a big one. To quote Krebs: "A new exploit that takes advantage of a
recently-patched critical security flaw in Java is making the rounds in the
cri