
Rapid7 Blog

Nexpose  

Multiple Vulnerabilities Affecting Four Rapid7 Products

Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security…

CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin

On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's WebEx browser plugin extension that could allow attackers to perform a remote code execution (RCE) exploit on any Windows host running the plugin. An initial fix was pushed out by Cisco that warned…

Scan Configuration Improvements in Nexpose

A common request we hear from customers is for the ability to schedule scans on individual assets, or on subsets of assets. Currently, you can start a manual scan and choose specific IPs, engine and template, but you need to have permissions to create sites…

Maximizing PCI Compliance with Nexpose and Coalfire

In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build their PCI Approved Scan Vendor offering. PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly proscriptive Data Security Standard.…

Patch Tuesday, January 2017

Update: See below for an update for the upcoming February Patch Tuesday. Microsoft starts off the year with 4 bulletins and continues a long running trend with their products where the majority of bulletins (2) are remote code execution (RCE) followed by an even distribution…

macOS Agent in Nexpose Now

As we look back on a super 2016, it would be easy to rest on one's laurels and wax poetic on the halcyon days of the past year. But at Rapid7 the winter holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent…

Giving the Gift of Time: Nexpose Adaptive Security Improvements

'Tis the holiday season and the Nexpose team is in the giving spirit! At the Rapid7 workshop, we've been busy little helpers building toys for deserving security teams throughout the year. Here are just some of the goodies you can take advantage of NOW: Remediation…

Vulnerability Categories and Severity Levels: "Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you,…

Patch Tuesday, December 2016

December continues a long running trend with Microsoft's products where the majority of bulletins (6) are dominated by remote code execution (RCE) followed by an even distribution of elevation of privilege (3) and information disclosure (3). All of this month's critical bulletins are remote code…

Nexpose Dimensional Data Warehouse and Reporting Data Model: What's the Difference?

The Data Warehouse Export recently added support for a Dimensional Model for its export schema. This provides a much more comprehensive, accessible, and scalable model of data than the previous (now referred to as "Legacy") model. The foundation for this dimensional model is…

Vulnerability Management: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now in June, we've talked a lot about the “passive scanning trap” and “live assessment” in comparison. You may be thinking: what does that actually mean?  Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment – and…

Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job

Nexpose supports a variety of complementary reporting solutions that allows you to access, aggregate, and take action upon your scan data. However, knowing which solution is best for the circumstance can sometimes be confusing, so let's review what's available to help you pick the right…

Dimensional Data Warehouse Export, Part of Nexpose 6.4.6

Can You Be Trusted with the Sword of a Thousand Truths? Does the vision of what you want to accomplish appear to you so clearly that it seems real?  After all, you already have the custom integrations, tools, and workflows set that make the most…

Intel Security FOCUS 16 - Recap of a great conference!

Intel Security's user conference FOCUS 16 wrapped up last week, and it was a great experience for Intel Security customers, partners and Rapid7. We announced some exciting new integrations, met with dozens of great mutual customers, and even won some crystal! Here are the highlights…

Patch Tuesday, November 2016

November continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a…