The news from the week is discussed, including how recent data breaches have fed off password reuse and how a university paid $20K after a ransomware attack.
Tag Archives: Rapid7
The Illusion Of An Encrypted Internet
Rapid7 released its National Exposure Index, which measures the top 30 ports and protocols on IPv4 and quantifies unsecured services running on the Internet.
Moxa Won’t Patch Publicly Disclosed Flaws Until August
A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to ICS-CERT.
Private SSH Key, Weak Default Credentials Removed From ExaGrid Appliances
ExaGrid has removed public-private pairings and weak, hardcoded default credentials from its disk-backup appliances.
HD Moore To Build New Venture Capital Firm
Metasploit creator HD Moore announced he’s leaving Rapid7 at the end of the month for a new venture capital opportunity.
Juniper Backdoor Password Goes Public
The password protecting one of the two Juniper backdoors was published after it was discovered by researchers at Fox-IT and Rapid7.
Critical Flaws Found in Network Management Systems
Rapid7 has reported and disclosed a half-dozen XSS and SQL injection flaws in popular network management systems, all of which can be reached via SNMP.
Advantech ICS Gear Still Vulnerable to Shellshock, Heartbleed
Rapid7 disclosed that Advantech EKI industrial control gear remains vulnerable to Shellshock and Heartbleed, in addition to a host of other vulnerabilities.
Yahoo Hires Bob Lord as its CISO
Yahoo has hired former Twitter and Rapid7 security executive Bob Lord as its new CISO, taking over for Alex Stamos, who this summer left Yahoo for Facebook.
Trey Ford on Mapping the Internet with Project Sonar
Trey Ford from Project Sonar describes the group’s initiative at Kaspersky’s Security Analyst Summit. The Rapid7 service scans public-facing networks for apps, software, and hardware, then analyzes that cache of information to gain insight into trends and common vulnerabilities.