Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7

At Rapid7, our software engineers defend the digital world and design the future of security. With a supportive, collaborative team, immense learning and development opportunities to fine-tune and hone in on skills and knowledge, opportunities to work with innovative technology, and the pursuance...

loolforkit Security Vulnerabilities

Loolforkit is a Global Loolforkit open source application that provides a cloud-based office suite based on collaborative editing. A security vulnerability exists in loolforkit, which can be exploited by an attacker to gain local root privileges...

File Upload Vulnerability in ECM Collaboration Management Platform

Micro macro ECM collaborative office OA and collaborative management platform is to enhance enterprise execution, creativity, learning, cohesion, control, decision-making, resilience of the seven forces of collaboration as the goal, to meet the enterprise personalized, refined, mobile management...

Sophisticated cybersecurity threats demand collaborative, global response

Microsoft’s response to Solorigate Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this i...

Sophisticated cybersecurity threats demand collaborative, global response

Microsoft’s response to Solorigate Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this i...

Directory Traversal Vulnerability in Collaborative Business Platform of Guangzhou Consulting Technology Co.

Guangzhou Consultative Technology Co., Ltd. specializes in large-scale manufacturing product development and management of collaborative business software consulting and services. A directory traversal vulnerability exists in the collaborative business platform of Guangzhou Consultative Technolog...

North Korea Targets—and Dupes—a Slew of Cybersecurity Pros

The sweeping campaign took advantage of the collaborative spirit among researchers, with an unknown number of victims...

Logic flaw vulnerabilities in the Jinhe collaborative management platform

Beijing Jinhe Network Co., Ltd. is a company that specializes in information networks. A logic flaw vulnerability exists in the Jinhe collaborative management platform, which can be exploited by attackers to obtain sensitive information...

Inbox Attacks: The Miserable Year (2020) That Was

Purging your inbox has become a year-end tradition for many. A short hiatus for the holidays often provides a quiet moment to flush the previous year’s mountain of spam. And, from the looks of our 2020 inbox, years of herculean efforts to harden email defenses have fallen short. The most-targeted...

Arbitrary File Download Vulnerability in Zhiyuan A8-V5 Collaboration Management Software

Beijing Zhiyuan Internet Software Co., Ltd Zhiyuan Internet is a high-tech enterprise integrating product design, research and development, sales and service, providing customers with professional collaborative management software products, solutions, platforms and cloud services, and is a...

Akamai Foundation and Employee Resource Groups Unite

Written by Kara DiGiacomo, Executive Director, Akamai Foundation and Marco Irizarry, Global Manger, Diversity, Inclusion and Social Responsibility On Giving Tuesday, we celebrate joining others in a global movement to give, collaborate, and transform communities and the world. As we think about h...

Weak Password Vulnerability in UCM Collaborative Communication Platform of Beijing Zhongchuang Vision Technology Co.

UCM Collaborative Communication Platform is a SIP communication control hardware device, which can realize traditional video conference system terminal registration, multi-party conference MCU, device management, firewall traversal and so on. There is a weak password vulnerability in the UCM...

Arbitrary File Download Vulnerability in UCM Collaborative Communication Platform of Beijing Zhongchuang Vision Technology Co.

UCM Collaborative Communication Platform is a SIP communication control hardware device, which can realize traditional video conference system terminal registration, multi-party conference MCU, device management, firewall traversal and so on. There is an arbitrary file download vulnerability in t...

XSS Vulnerability in the Collaborative Journal Acquisition and Editing System of China Academic Journals (CD-ROM Version) Electronic Magazine Agency Ltd.

The collaborative editorial system of periodicals is a comprehensive service platform for the whole process of periodicals collection, editing, reviewing, proofreading and distribution. An XSS vulnerability exists in the collaborative journal collection and editing system of China Academic Journa...

Advance Your Career: Life as a Rapid7 Belfast Software Engineer

At Rapid7, we believe that by hiring a diverse team with different levels of experience and varying backgrounds, we can ChallengeConvention as OneMoose, push the boundaries of our thinking, and pursue our goals of continuous innovation to achieve secure advancement for all. As we continue to buil...

From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security

In a recent episode of Security Nation, Rapid7 welcomed Jack Cable, a junior at Stanford University and employee of the U.S. Cybersecutiy and Infrastructure Security Agency, to discuss the importance of ensuring election security beyond just voting machines. Read on as he shares how to fight...

Debian DSA-4767-1 : mediawiki - security update

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against...

Saferwall - A Hackable Malware Sandbox For The 21St Century

Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center SOC protecting Microsoft and our Detection and Response Team DART helping our customers with their incidents. For a visu...