137 matches found
Privilege Escalation
xscreensaver is vulnerable to privilege escalation. The vulnerability exists due to of an incompatible setting in /usr/libexec/xscreensaver/sonar file...
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Tom Sellers. There are certain services that are generally considered to be high-risk when found available on the public internet. As an exampl...
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...
CVE-2021-31523
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...
DEBIAN-CVE-2021-31523
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...
UBUNTU-CVE-2021-31523
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
Today, we are excited to release the second report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500
Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...
NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Command Injection
Overview sonar-wrapper is a package that wraps SonarQube Scanner as a node module. Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/sonarRunner.js. PoC var root = require"sonar-wrapper"; var options= 'sonar.projectName':'& touch JHU';...
NICER Protocol Deep Dive: Internet Exposure of etcd
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post. This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas wher...
SonarSource SonarQube Authentication Bypass Vulnerability
SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An authentication bypass vulnerability exists in SonarQube version 8.4.2.36762, which allows an external attacker to implement authentication bypass via SonarScanner to create and overwrite public...
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life EOL on Jan. 14, 2020. What does that mean in practice? Well, any instances running these versions of Windows Server are no longer supported by Microsoft—no more automated fixes, updates, or technical assistance. From a security standpoint,...
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support EoS on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date. During our work with Project Sonar, we consistently see the use of old and EoS software on the internet. This is...
Rapid7 Releases Q2 2020 Quarterly Threat Report
It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report. As in previous quarters, our Rapid7 research team produced this report by analyzing the data from our internet telemetry-gathering systems Project Sonar and Project Heisenberg, as...
Unspecified Vulnerability in CloudBees Jenkins Sonar Quality Gates Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Sonar Quality Gates Plugin is used in which a...
Sonar Qube 8.3.1 - (SonarQube Service) Unquoted Service Path Vulnerability
Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path : ==============================...