Rapid7 Blog

mjc  

AUTHOR STATS:

53

Microsoft Security Bulletin Summary for December 2012

Microsoft Security Bulletin Summary for December 2012 contains seven bulletins; five critical and two important. The key take away for this month's patch cycle is that most of the impact related to these vulnerabilities can be drastically minimized if the “least privilege” principle…

Microsoft Security Bulletin Summary for November 2012

Microsoft Security Bulletin Summary for November 2012 contains eight bulletins and patches 17 vulnerabilities. A couple of bulletins – MS12-071 and MS12-075 – will need to be addressed as soon as possible.MS12-071 is a cumulative security update for Internet Explorer 9. This will be…

Microsoft Security Bulletin Summary for October 2012

Microsoft Security Bulletin Summary for October 2012 contains 7 bulletins to patch 20 vulnerabilities.MS12-064, rated at critical, affects Microsoft Word and would allow an attacker to send a malicious file which, when opened or previewed, would fully compromise the victim's system. Organizations and consumers…

White House Spear Phished

Yesterday news broke that an unclassified system at the White House Military Office was breached via a spear phish attack. The news of this attack is not surprising at all. Our government networks are under non-stop targeted attacks and some of these attacks will eventually…

Microsoft Security Bulletin Summary for September 2012

The Microsoft Security Bulletin Summary for September 2012 includes just two bulletins, both of which address vulnerabilities rated “important”. The first, MS12-061, addresses a cross site scripting vulnerability (CVE-2012-1892) that affects Microsoft Developer Tools. The second bulletin, MS12-062, addresses a reflective cross site…

Microsoft Security Bulletin Summary for August 2012

Microsoft's Patch Tuesday Security Bulletin Summary for August 2012 contains nine bulletins and addresses 28  vulnerabilities. MS12-052 is a critical patch for four vulnerabilities in Internet Explorer 6, 7, and 8. This bulletin is a continuation in Microsoft's monthly Internet Explorer patch cadence. This…

There's a Hole in the Network

In this post SecurityStreet meets Sesame Street. One of my favorite travel songs growing up was "There's a hole in the bucket". The song can literally go on forever, which can be headache inducing at times. Here's the Sesame Street rendition, it may hit close…

Yahoo! Voices Breach Infographic

On July 11th, Yahoo! Voices website made news when 453,492 accounts containing email addresses and passwords were breached. David Maloney (@TheLightCosine) and I performed some analysis on the leak and our Rapid7 team created the infographic below. There is an old saying, "I can…

Microsoft Security Bulletin Summary for July 2012

The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important. All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit…

Microsoft Security Bulletin Summary for June 2012

The Microsoft Security Bulletin Summary for June 2012 contains 7 bulletins addressing 28 security bugs.  Three of the bulletins are rated “critical” and the rest “important”.MS12-036 is a critical bulletin that addresses vulnerabilities allowing an attacker remote code execution…

Oracle Issues Java Security Fixes

Oracle released Java Release 7 Update 5 and Java Release 6 Update 33 in order to patch several security vulnerabilities. I expect older versions to have public exploit code available soon. IsJavaExploitable.com has been updated to assist everyone in detecting if they need to…

It's Time to Ban Bad Passwords

An important thing in the world of information security is to learn from our past mistakes. With 24-hour news cycles and the Internet, netizens seem to have developed very short memories. In late 2010, Gawker Media was compromised, revealing 188,279 plaintext passwords online. Many…

Microsoft Releases Windows Server Update Services (WSUS) Update

Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2):http://support.microsoft.com/kb/2720211By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From…

How to Change Your LinkedIn Password

Here is a couple of screen captures to help people change their LinkedIn Password. I highly recommend reading this post on Password Tips.Click on your username > Settings:Click on Account > Change password…

Confusion over the FLAME platform and Flame Malware

I've seen a couple of postings on the Internet about a possible link between Flame malware with a project from National Laboratory for Scientific Computing (LNCC) in Brazil. They released a tool called Flexible and Lightweight Active Measurement Environment (FLAME) in 2009. This version of…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now