Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...
Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec
“Yes, I know what applications we have publicly exposed.” How many times have you said that with confidence? I bet not too many. With the rapid pace at which engineering teams now ship code, it is becoming increasingly difficult to know what apps you have exposed to the internet, adding...
Evolving How We Share Rapid7 Research Data
In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common o...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard
Today, Rapid7 released the fourth report in our Industry Cyber-Exposure Report (ICER) series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of findings about the internet—but not so fast!...
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Tom Sellers. There are certain services that are generally considered to be high-risk when found available on the public internet. As an exampl...
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
Today, we are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500
Today, Rapid7 released the first report in our all-new Industry Cyber-Exposure Report (ICER) series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of findings about the internet—but not...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics (ABA). The Managed Detection and Response (MDR) team identified multiple, related compromises in the past 72 hours. In most...
NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
NICER Protocol Deep Dive: Internet Exposure of etcd
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post. This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas wher...
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020. What does that mean in practice? Well, any instances running these versions of Windows Server are no longer supported by Microsoft—no more automated fixes, updates, or technical assistance. From a security standpoint,...
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date. During our work with Project Sonar, we consistently see the use of old and EoS software on the internet. This is...
Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report. As in previous quarters, our Rapid7 research team produced this report by analyzing the data from our internet telemetry-gathering systems (Project Sonar and Project Heisenberg), as...
Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...
Palo Alto Networks Firewalls Remote Root Code Execution Vulnerability
Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and PAN-OS versions 8.0.5 and earlier. Full...
Palo Alto Networks firewalls remote root code execution (CVE-2017-15944)
This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier, PAN-OS...
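The CVE-2017-15944 advisory above lists the affected PAN-OS releases as four "X.Y.Z and earlier" ranges. The check a defender actually needs is a version comparison that puts a firewall on the right side of each cut-off. The following script is an added example, not Rapid7's or Palo Alto Networks' code. It assumes PAN-OS version strings of the form `major.minor.patch` with an optional `-hN` hotfix suffix, treats a hotfix of an affected base release as still affected (conservative: the advisory does not mention hotfixes), reports release trains the advisory does not list as "unknown" rather than guessing, and uses a constructed sample inventory.

```python
"""Triage PAN-OS versions against the CVE-2017-15944 affected ranges.

Affected per the advisory text:
  PAN-OS 6.1.18 and earlier, 7.0.18 and earlier,
  PAN-OS 7.1.13 and earlier, 8.0.5 and earlier.
Added example; version format and hotfix handling are assumptions, see comments.
"""
import re
from typing import List, Optional, Tuple

# (major, minor) release train -> last affected patch level, from the advisory.
LAST_AFFECTED_PATCH = {
    (6, 1): 18,
    (7, 0): 18,
    (7, 1): 13,
    (8, 0): 5,
}

# Assumption: PAN-OS versions look like "8.0.5" or "8.0.5-h2" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, patch, hotfix); hotfix is 0 when absent.

    Raises ValueError on anything that does not match the assumed format so a
    malformed inventory entry is noticed instead of silently marked safe.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the release is in an affected range, False if it is past the
    cut-off for its train, None if the advisory says nothing about the train
    (e.g. 9.x or an unlisted, likely end-of-life, train).

    Assumption: a hotfix build of an affected base release (8.0.5-h2) is
    treated as affected, because the advisory lists cut-offs by base version
    only. Clear it manually against the vendor's release notes if needed.
    """
    major, minor, patch, _hotfix = parse_panos_version(version)
    last_affected = LAST_AFFECTED_PATCH.get((major, minor))
    if last_affected is None:
        return None
    return patch <= last_affected


def triage(inventory: List[Tuple[str, str]]) -> Tuple[List[str], List[str]]:
    """Split (hostname, version) pairs into hosts that need patching and hosts
    whose train the advisory does not cover and so need a manual look."""
    needs_patch: List[str] = []
    unknown: List[str] = []
    for host, version in inventory:
        verdict = is_affected(version)
        if verdict is True:
            needs_patch.append(host)
        elif verdict is None:
            unknown.append(host)
    return needs_patch, unknown


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "7.1.13"),    # exactly at the cut-off: affected
    ("fw-edge-02", "7.1.14"),    # one past the cut-off: fixed
    ("fw-dc-01", "8.0.5-h2"),    # hotfix of an affected base: flagged
    ("fw-dc-02", "8.0.6"),       # fixed
    ("fw-branch-01", "6.1.3"),   # old 6.1 build: affected
    ("fw-lab", "9.1.2"),         # train not in the advisory: unknown
]

if __name__ == "__main__":
    patch_list, review_list = triage(SAMPLE_INVENTORY)
    print("needs patch:", patch_list)
    print("manual review:", review_list)
```

Because the advisory describes unauthenticated root execution through the web management interface, the version check is only half the picture: hosts on the "needs patch" list whose management interface is reachable from untrusted networks are the ones to take offline or firewall first, and restricting that interface to a management network is the mitigation that holds regardless of version.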