Posts tagged Nexpose

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q2 2023 in Review

In Q2, InsightVM and Nexpose got an improved UI for the Console, custom policy for Agent-Based assessment, a new dashboard card, and more.

5 min Vulnerability Management

What's New in InsightVM and Nexpose: Q1 2022 in Review

The product updates our vulnerability management (VM) team has made to InsightVM and Nexpose in the last quarter will empower you to stay in charge — not the vulnerabilities.

5 min Vulnerability Management

What's New in InsightVM and Nexpose: Q4 2021 in Review

As we enter into the new year, we wanted to provide a recap of product releases and features in InsightVM and Nexpose for Q4 2021.

4 min InsightVM

InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning

Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.

3 min Research

Recog: Data Rules Everything Around Me

Rapid7 has updated the recog framework to help solve the conundrum of content versus code.

2 min Vulnerability Management

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats.

2 min InsightVM

Nmap Service Detection for Nexpose and InsightVM Scan Engines

As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to existing detection methods to improve the discovery of previously unsupported protocols and services.

3 min Nexpose

AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality of security data. A New Discovery Connection: Today we’re excited to announce better integration between the Security Console and Amazon Web Services with the new Amazon Web Services Asset Sync discovery c

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement [http://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [http://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

4 min Nexpose

R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms

Summary: Nexpose [http://4hko.drordi.com/products/nexpose/] physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encourage current hardware appliance owners to update their systems to harden their SSH configuration using the steps outlined under “Remediation” below. In addition,

3 min Nexpose

InsightVM/Nexpose Patch Tuesday Reporting

Many of our customers wish to report specifically on Microsoft patch-related vulnerabilities [http://4hko.drordi.com/fundamentals/vulnerabilities-exploits-threats/]. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects: Remediation Projects are a feature included in InsightVM [http://4hko.drordi.com/products/insightvm/] that allow you to get a live view

2 min Nexpose

Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose

Just when you'd finished wiping away your WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained] tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 [http://4hko.drordi.com/db/vulnerabilities/samba-cve-2017-7494] (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerabil

2 min Vulnerability Management

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose [http://4hko.drordi.com/products/nexpose/] and InsightVM [http://4hko.drordi.com/products/insightvm/] users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about this issue, please don't hesitate to contact your custome

3 min Metasploit

Exploitable Vulnerabilities: A Metasploit-Vulnerability Management Love Story

Integrating InsightVM [http://4hko.drordi.com/products/insightvm/] or Nexpose [http://4hko.drordi.com/products/nexpose/] (Rapid7's vulnerability management solutions [http://4hko.drordi.com/solutions/vulnerability-management/]) with Metasploit [http://4hko.drordi.com/products/metasploit/] (our penetration testing solution [http://4hko.drordi.com/solutions/penetration-testing/]) is a lot like Cupid playing “matchmaker” with vulnerabilities and exploit modules [http://4hko.drordi.com/fundamentals