1373 matches found
Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses
Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing, and more. But problematically, they often lack the resources to configure those apps to prevent cyberattacks, data exfiltration, and other risks. Catastrophic and costly data breaches...
NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
The Story Behind Security Breaches
There are many potential causes of security breaches, including malicious attacks, system glitches, equipment failures, software bugs, and zero days. What is a common root cause here? Human error. According to Micke Ahola, “In a security context, human error means unintentional actions—or lack of...
CVE-2020-15909
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take...
Session fixation
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take...
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...
PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
This week, Rapid7 Managed Detection and Response’s (MDR) intrepid investigators identified an increase in RDP attacks targeting RDP servers without multi-factor authentication enabled. Given that a fair number of folks are still working remotely, it’s no wonder that attackers continue to seek out a...
Detecting Microsoft 365 and Azure Active Directory Backdoors
Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of...
Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise
Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and tha...
The ABCs of Digital Distancing
No person is an island — despite the recent public health mandates on social distancing that might make us feel as though we are. Yet, sometimes these seemingly arbitrary constraints can catalyze innovations and approaches to common challenges – and everyone wins. In a recent tweet from entertain...
Rethinking Defensive Strategy at the Edge, Part 3: Strategies for Protective Action
Our three-part blog series, Re-thinking Defensive Strategy at the Edge, has been focusing on outlining a new defensive edge strategy for today's enterprise. We began with a discussion of data and indicators. Most recently, our second post focused on using risk signals and correlating them for...
This One Time on a Pen Test: Outwitting the Vexing VPN
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. Just...
MFA Bypass Bugs Opened Microsoft 365 to Attack
Bugs in the multi-factor authentication system used by Microsoft’s cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The flaws exist in the implementation o...
Microsoft Security: Use baseline default tools to accelerate your security career
I wrote a series of blogs last year on how gamified learning through cyber ranges can create more realistic and impactful cybersecurity learning experiences and help attract tomorrow’s security workforce. With the global talent shortage in this field, we need to work harder to bring people into t...
CVE-2020-0837
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. To exploit this...
Privilege escalation
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. To exploit this...
CVE-2020-0837
CVE-2020-0837 affects Active Directory Federation Services (ADFS) and is an Elevation of Privilege vulnerability arising from improper handling of multi-factor authentication requests. The initial description states that an attacker could bypass some MFA factors by sending a specially crafted aut...
CVE-2020-2040
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of...
Buffer overflow
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of...