4 min
Threat Intel
The Top Threat Actors Targeting Financial Services Organizations
This post discusses the key motivations and supporters behind cybercrime groups and lists the top groups that target financial services organizations.
2 min
Analysis of the Ticketmaster Breach
This blog was previously published on blog.tcell.io.
Although there have been a number of breaches in the past few weeks, the story
around the breach at Ticketmaster
is more interesting than most. It combines sophisticated web design, reusable
components, the security model of the web browser, and even a dash of payment
regulations.
The breach itself is interesting b
3 min
Compliance
Address the NAIC Insurance Data Security Model Law
The NAIC Insurance Data Security Model Law suggests a modern approach to detecting and responding to threats. This post looks at a few interesting requirements and shares how we can partner with your team across people, process, and technology.
3 min
InsightAppSec
Scan Management with InsightAppSec: There’s More to Application Security than Long Lists of Vulnerabilities
Knowing what you are scanning, how often, and with how much success is vital to knowing your vulnerability data is accurate, up-to-date, and reflects your security position. InsightAppSec can help.
4 min
Events
A Tale of Security Summer Camp: Rapid7's 2018 Recap of Black Hat and Beyond
From conference talks and business hall exhibitions to security trainings and personal conversations, the big takeaway from the past week was undeniable. Our industry is at an inflection point, and everyone is focused on a common theme: unification.
2 min
Patch Tuesday
Patch Tuesday - August 2018
Microsoft's updates this month
address over 60 vulnerabilities, 20 of which are classified as Critical. As
usual, most of this month's fixes are browser-related, and nearly half of the
flaws could lead to remote code execution (RCE). Patches for Exchange, SQL
Server, and Microsoft Office were also released.
Two of this month's vulnerabilities have already been seen exploited in th
3 min
CIS Controls
CIS Critical Security Control 19: Steps for Crafting an Efficient Incident Response and Management Strategy
An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup 8/10/18
Check Yourself Before You Wreck Yourself
Even if you're a pro sleuth who can sniff out a vulnerability on even the most
hardened of networks, it's always nice to be have some added validation that
your attack is going to be successful. That's why it's always valuable to have a
solid "check" method available to verify that you're barking up the right tree.
This week bcoles upgraded the UAC check for Windows
to
5 min
CIS Controls
CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security
Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 8/3/18
Meterpreter on Axis
Everyone loves shells, but Meterpreter sessions are always better. Thanks to
William Vu, the axis_srv_parhand_rce
module is now
capable of giving you a Meterpreter session instead of a regular shell with
netcat.
DLL Injection for POP/MOV SS
Another awesome improvement is Brendan Watters' work on the POP/MOV SS exploit
against Windows
(CVE-2018-8897), also k
3 min
Threat Intel
Major Carding Site Replacement: How Altenen.nz Rose From the Ashes of Altenen.com
Here’s our recap of the Altenen takedown and thoughts on where threat hunters should shift their focus for finding new threats and fraud tactics.
4 min
CIS Controls
CIS Critical Security Control 17: Some Assembly Required for Your Security Awareness and Training Program
Developing out a new security program but neglecting to train your employees on it is like shipping out this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: 7/27/18
CMS Exploitation Made Simple
"CMS Made Simple" is an open-source Content Management System. Mustafa Hasen
discovered and reported that
versions 2.2.5 and 2.2.7 include a vulnerability in file uploads that permit an
authenticated attacker to gain execution of arbitrary PHP scripts. The
multi/http/cmsms_upload_rename_rce
exploit module uses our PHP Meterpreter to gain full
4 min
Threat Intel
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
2 min
Beyond RASP Security
The bad news: 100 percent of web applications are vulnerable. It’s not a typo:
100 percent of web applications contain at least one vulnerability — on average,
apps have 11 potential weak points.
So, it’s no surprise that organizations are leveraging tools that empower
applications to take defensive action without the need for direct IT
involvement. Known as RASP (runtime application self-protection)
— and
hence the a