Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

Rapid7 Blog




Microsoft Security Bulletin Summary for December 2012

Microsoft Security Bulletin Summary for December 2012 contains seven bulletins; five critical and two important. The key take away for this month's patch cycle is that most of the impact related to these vulnerabilities can be drastically minimized if the “least privilege” principle…

Microsoft Security Bulletin Summary for November 2012

Microsoft Security Bulletin Summary for November 2012 contains eight bulletins and patches 17 vulnerabilities. A couple of bulletins – MS12-071 and MS12-075 – will need to be addressed as soon as possible.MS12-071 is a cumulative security update for Internet Explorer 9. This will be…

Microsoft Security Bulletin Summary for October 2012

Microsoft Security Bulletin Summary for October 2012 contains 7 bulletins to patch 20 vulnerabilities.MS12-064, rated at critical, affects Microsoft Word and would allow an attacker to send a malicious file which, when opened or previewed, would fully compromise the victim's system. Organizations and consumers…

White House Spear Phished

Yesterday news broke that an unclassified system at the White House Military Office was breached via a spear phish attack. The news of this attack is not surprising at all. Our government networks are under non-stop targeted attacks and some of these attacks will eventually…

Microsoft Security Bulletin Summary for September 2012

The Microsoft Security Bulletin Summary for September 2012 includes just two bulletins, both of which address vulnerabilities rated “important”. The first, MS12-061, addresses a cross site scripting vulnerability (CVE-2012-1892) that affects Microsoft Developer Tools. The second bulletin, MS12-062, addresses a reflective cross site…

Microsoft Security Bulletin Summary for August 2012

Microsoft's Patch Tuesday Security Bulletin Summary for August 2012 contains nine bulletins and addresses 28  vulnerabilities. MS12-052 is a critical patch for four vulnerabilities in Internet Explorer 6, 7, and 8. This bulletin is a continuation in Microsoft's monthly Internet Explorer patch cadence. This…

There's a Hole in the Network

In this post SecurityStreet meets Sesame Street. One of my favorite travel songs growing up was "There's a hole in the bucket". The song can literally go on forever, which can be headache inducing at times. Here's the Sesame Street rendition, it may hit close…

Yahoo! Voices Breach Infographic

On July 11th, Yahoo! Voices website made news when 453,492 accounts containing email addresses and passwords were breached. David Maloney (@TheLightCosine) and I performed some analysis on the leak and our Rapid7 team created the infographic below. There is an old saying, "I can…

Microsoft Security Bulletin Summary for July 2012

The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important. All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit…

Microsoft Security Bulletin Summary for June 2012

The Microsoft Security Bulletin Summary for June 2012 contains 7 bulletins addressing 28 security bugs.  Three of the bulletins are rated “critical” and the rest “important”.MS12-036 is a critical bulletin that addresses vulnerabilities allowing an attacker remote code execution…

Oracle Issues Java Security Fixes

Oracle released Java Release 7 Update 5 and Java Release 6 Update 33 in order to patch several security vulnerabilities. I expect older versions to have public exploit code available soon. IsJavaExploitable.com has been updated to assist everyone in detecting if they need to…

It's Time to Ban Bad Passwords

An important thing in the world of information security is to learn from our past mistakes. With 24-hour news cycles and the Internet, netizens seem to have developed very short memories. In late 2010, Gawker Media was compromised, revealing 188,279 plaintext passwords online. Many…

Microsoft Releases Windows Server Update Services (WSUS) Update

Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2):http://support.microsoft.com/kb/2720211By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From…

How to Change Your LinkedIn Password

Here is a couple of screen captures to help people change their LinkedIn Password. I highly recommend reading this post on Password Tips.Click on your username > Settings:Click on Account > Change password…

Confusion over the FLAME platform and Flame Malware

I've seen a couple of postings on the Internet about a possible link between Flame malware with a project from National Laboratory for Scientific Computing (LNCC) in Brazil. They released a tool called Flexible and Lightweight Active Measurement Environment (FLAME) in 2009. This version of…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More


Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More