CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...

Rapid7 Insight Platform 安全漏洞

Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys and settings from Rapid7 USA. Rapid7 Insight Platform has a security vulnerability that stems from a lack of authorization checks. An attacker can exploit the vulnerability to elevate privileges...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

New “CleverSoar” Installer Targets Chinese and Vietnamese Users

CleverSoar Installer Used to Deploy Nidhogg Rootkit and Winos4.0 Framework Against Targeted Users In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims. CleverSoar is designed to deploy and protect multip...

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ AWS new Resource Control Policies RCPs, a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner f...

Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse,...

Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products

In today’s complex threat landscape, organizations need every advantage at their disposal to stay secure–starting with maximizing the tools they already have within their ecosystem. With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for...

New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations

Co-authored by Ed Montgomery & René Fusco, Rapid7 In today’s cybersecurity landscape, organizations need robust detection and response solutions to stay ahead of evolving threats. Rapid7’s InsightIDR, the foundation of our Managed Detection and Response MDR service, empowers security teams with...

Patch Tuesday - November 2024

Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

“Only 17% of organizations can clearly identify and inventory a majority 95% or more of their assets.” - Gartner Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management TVM, you have asked your IT departme...

CVE-2024-10526

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...

CVE-2024-10526 Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...

CVE-2024-10526

The provided data confirms CVE-2024-10526 affects Rapid7 Velociraptor MSI Installer before version 0.73.3. The issue stems from the installer creating the installation directory with WRITE_DACL permissions for BUILTIN\Users, enabling non-admin local users to grant themselves Full Control on Veloc...

CVE-2024-10526 Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITEDACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on...

Rapid7 Velociraptor MSI Installer 安全漏洞

Rapid7 Velociraptor MSI Installer is a unique, advanced, open source endpoint monitoring, digital forensics, and cyber response platform from Rapid7 USA. A security vulnerability exists in Rapid7 Velociraptor MSI Installer prior to version 0.73.3 that originates from the execution of arbitrary co...

Investigating a SharePoint Compromise: IR Tales from the Field

Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function CWE-306 in the FortiManager...

Root Access for Data Control: A DEF CON IoT Village Story

Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...

What’s New in Rapid7 Products & Services: Q3 2024 in Review

This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform. With this, we introduced two exciting new products:...