Publication: Jive SBS Syndication Feed

First reported 13 hours ago - Updated 13 hours ago - 1 reports

Weekly Update: 4.6.1, ColdFusion Exploit, and SVN Lockdown

Metasploit 4.6.1 Released This week's update bumps the patch version of Metasploit to 4.6.1 (for installed versions of Metasploit). The major change here is the ability to install Metasploit on Windows 8 and Windows ... [Published Jive SBS Syndication Feed - 13 hours ago]
First reported May 21 2013 - Updated May 21 2013 - 1 reports

NIST’s Updated Security Controls Catalog Highlights Mobile As A Key Threat

The US National Institute of Standards and Technology’s (NIST) recently published fourth revision to the “Security and Privacy Controls for Federal Information Systems and Organizations” is the most comprehensive ... [Published Jive SBS Syndication Feed - May 21 2013]
First reported May 20 2013 - Updated May 20 2013 - 1 reports

Git Clone Metasploit; Don't SVN Checkout

TL;DR: Please stop using SVN with svn co https://www.metasploit.com/svn/framework3/trunk and start using the GitHub repo with git clone git://github.com/rapid7/metasploit-framework As of today, a few of you ... [Published Jive SBS Syndication Feed - May 20 2013]
First reported May 15 2013 - Updated May 15 2013 - 1 reports

Nexpose 5.6 - Top Remediation Reports - Reports that provide the biggest bang for your buck

Nexpose 5.6, in case you haven't heard, added the Top Remediation report templates. Why is this a game changer??? Because now you can view security from an actionable lens that focuses and expands to fit your needs. ... [Published Jive SBS Syndication Feed - May 15 2013]
First reported May 15 2013 - Updated May 15 2013 - 1 reports

May 2013 - Patch Tuesday, the "yet another IE 0-day edition"

Going into this patch Tuesday the big question was: will MS13-038 address the “Department of Labor IE 0-day (CVE-2013-1347)”? Microsoft had hinted strongly that a patch was on the way, with the unspoken caveat that ... [Published Jive SBS Syndication Feed - May 15 2013]
First reported May 15 2013 - Updated May 15 2013 - 1 reports

New 1day Exploits: Mutiny Vulnerabilities

Back in March we published an exploit module for Mutiny Remote Code Execution. Mutiny "is a self-contained appliance for monitoring network-attached devices such as servers, switches, routers and printers. It ... [Published Jive SBS Syndication Feed - May 15 2013]
First reported May 14 2013 - Updated May 14 2013 - 1 reports

UNITED Training Packages Available

Extend your stay, take one of our training classes and earn an EXTRA 16 CPE Credits! Classes will be held at the hotel on Aug 22 - 23. Nexpose Advanced: Extend, Integrate and Analyze Our Rapid7 experts will lead ... [Published Jive SBS Syndication Feed - May 14 2013]
First reported May 14 2013 - Updated May 14 2013 - 1 reports

Security Concerns Around Application Updates in Android

In the mobile world, application updates are usually distributed by a central authority, like the Google Play Store or the Apple App Store. This offers convenience for the user, since all of the applications can ... [Published Jive SBS Syndication Feed - May 14 2013]
First reported May 13 2013 - Updated May 13 2013 - 1 reports

Vaccinating systems against VM-aware malware

The never-ending fight with malware forced researchers and security firms to develop tools and automated systems to facilitate the unmanageable amount of work they've been facing when dissecting malicious artifacts: ... [Published Jive SBS Syndication Feed - May 13 2013]
First reported May 08 2013 - Updated May 08 2013 - 1 reports

Creating Asset Groups from IPs

I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have. What happens when you are in charge of the Nexpose console, but someone else is ... [Published Jive SBS Syndication Feed - May 08 2013]
First reported May 08 2013 - Updated May 08 2013 - 1 reports

Announcement: End-of-Life for Nexpose 32-bit versions

Rapid7 announces the end of life of Nexpose 32-bit versions for both Windows and Linux operating systems on May 7, 2014. This announcement applies to all editions of the Nexpose including Community, Express, Consultant, ... [Published Jive SBS Syndication Feed - May 08 2013]
First reported Apr 30 2013 - Updated Apr 30 2013 - 3 reports

Webcast Q&A: OWASP Top 10 and Web App Scanning Webcast

First of all, a big thank you to all of you who participated in our OWASP Top 10 and Web App Scanning webcast last week. (If you missed it, you can view a recording here.) Because of an issue with the webcast platform, ... [Published Jive SBS Syndication Feed - Apr 30 2013]
Entities: Metasploit, OWASP, NeXpose

Quotes

...The next request allows uploading JSP code to the "/usr/jakarta/tomcat/webapps/ROOT/m/msf.jsp" location:
This idea is by no means new or unique - others have used similar approaches before. Tillmann Werner and Felix Leder created "nonficker", a tool that pre-registers Conficker mutexes on a system in order to inoculate it against Conficker infections. As a high percentage of malicious samples uses mutexes to limit double infection, one could imagine a tool that uses this technique for protecting against all those samples at the same time. Sadly it is quite time-consuming to reconstruct the correct mutex generation algorithm that is used in the malware itself.
...$ ./create_asset_group.rb ip-list.txt -n 'Remediation May 2013' -d "Assets where remediation was applied by Susan Smith in May 2013." -h nx-console.company.com -u nxadmin
One of the points argued by this organization was the need for an "internal pen test" required under PCI 11.3. This is an excellent case study for "Why do we need this? It induces more risks". Here are highlights extracted from an opinion poll on this topic:

More Content

Whiteboard Wednesday [Published Jive SBS Syndication Feed - May 08 2013]
Phishers Increasingly Taking Aim at Mobile [Published Jive SBS Syndication Feed - May 07 2013]
Using Dynamic Asset Groups to Detect 0-Day Vuln... [Published Jive SBS Syndication Feed - May 06 2013]
PCI 30 seconds newsletter #29 - Do all PCI DSS ... [Published Jive SBS Syndication Feed - May 06 2013]
Department of Labor IE 0-day Now Available at M... [Published Jive SBS Syndication Feed - May 05 2013]
Metasploit's 10th Anniversary: Laptop Decal Des... [Published Jive SBS Syndication Feed - May 03 2013]
Weekly Update: WordPress Total Cache and Mimikatz [Published Jive SBS Syndication Feed - May 02 2013]
Weekly Update: WordPress Total Cache and Mimikatz [Published Jive SBS Syndication Feed - May 01 2013]
Nexpose 5.6 - CIS RHEL Certified! [Published Jive SBS Syndication Feed - May 01 2013]
Should I scan websites with Metasploit or Nexpose? [Published Jive SBS Syndication Feed - Apr 30 2013]
Will there be a cloud version of Metasploit? [Published Jive SBS Syndication Feed - Apr 30 2013]
ACLU Highlights Risk of Mobile Device Vulnerabi... [Published Jive SBS Syndication Feed - Apr 30 2013]
Spying on the Seven Seas with AIS [Published Jive SBS Syndication Feed - Apr 29 2013]
LivingSocial breached [Published Jive SBS Syndication Feed - Apr 29 2013]
Abusing Safari's webarchive file format [Published Jive SBS Syndication Feed - Apr 25 2013]
Simplify Vulnerability Management with Nexpose 5.6 [Published Jive SBS Syndication Feed - Apr 25 2013]
Social Media: Vector for the New Economic Attack? [Published Jive SBS Syndication Feed - Apr 25 2013]
Weekly Update: Pull Request Wrangling [Published Jive SBS Syndication Feed - Apr 24 2013]

Copyright (C) 2013 Silobreaker Ltd. All rights reserved.
The selection and placement of stories and images on any Silobreaker page are determined automatically by a computer program.
The time or date displayed reflects when an article was added to or updated in Silobreaker.