
Rapid7 Blog

Snow Tempest  

AUTHOR STATS:

13

Aiming at critical moving targets: Advanced Nexpose scanning

One of the exciting but challenging aspects of working in the security industry is how quickly things change. You have to protect critical data while physical and virtual devices are coming on and offline, and new threats are announced on a regular basis. Advanced features…

The Easy Button for Updating your Nexpose Database

Relax while Nexpose does the work for you. You may have received notifications that you need to update your Nexpose database soon in order to continue receiving product updates. You may have been putting it off because it sounds like a pain. Good news: it's…

Not stuck in the middle: How to dynamically find assets with vulnerable versions of OpenSSL

On July 9, 2015, the OpenSSL team announced a vulnerability in specific versions of OpenSSL 1.0.1 and 1.0.2. This vulnerability is listed as “high severity” because it can fail to correctly validate that a certificate presented is issued by a…

New and improved asset tracking in Nexpose

As of Nexpose 5.13, Nexpose makes it easier for you to gain an asset-centric view of your environment, which will help you with tracking and reporting. An asset is a single device on a network that the application discovers during a scan. As you…

Why and how to make sure your scan credentials are configured correctly

Recently in Computerworld, a security manager reported on a frightening realization about the user account he was using in his unnamed vulnerability scanner. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for…

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

A recently discovered severe vulnerability, nicknamed GHOST, can result in remote code execution exploits on vulnerable systems. Affected systems should be patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks. The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.…

POODLE Jr.: The Revenge - How to scan for CVE-2014-8730

A severe vulnerability was disclosed in the F5 implementation of TLS 1.x that allows incorrect padding and therefore jeopardizes the protocol's ability to secure communications in a way similar to the POODLE vulnerability. The Nexpose 5.11.10 update provides coverage for this vulnerability,…

How to use Nexpose as part of your internal PCI compliance program

If your systems process, store, or transmit credit card holder data, you may be using Nexpose to comply with the Payment Card Industry (PCI) Security Standards Council Data Security Standards (DSS). The newest PCI internal audit scan template released as part of Nexpose 5.11.…

Block the POODLE's bite: How to scan for CVE-2014-3566

A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly jeopardizes the protocol's ability to secure communications. All versions of SSL have been deprecated and its use should be avoided wherever possible. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the attack…

Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)

_[Edited 10:05 AM PDT, October, 2014 for the Nexpose 5.10.13 release]_ [Edited 10:05 AM PDT, September 26, 2014 for the Nexpose 5.10.11 release] A severe vulnerability was disclosed in bash that is present on most Linux, BSD, and Unix-like…

New Nexpose Help

The Nexpose 5.10.3 release includes updated Help files. The first change you may notice is a new look. The Nexpose Help design now matches that of Metasploit. The look also corresponds to the updated look of the PDF User's Guide, which debuted last…

Nexpose search update: Find partial matches by default

As of Nexpose 5.9.20, when you run initial searches with partial strings in the Search box that appears in the upper-right corner of most pages in the Web interface, results include all terms that even partially match those strings. This change was made…

Scanning time machine: Reporting on a historical scan

In network security, the questions are urgent. Are we protected against malware? Do we have protocols in place to prevent a hacker from breaking in? Sometimes, however, you need to look back in time and see what the status was in the past. If you…