1731 matches found
Ongoing Exploitation of Windows Installer CVE-2021-41379
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-41379 | Microsoft Advisory | AttackerKB | Scheduled when patched | ASAP when released | December 3, 2021 3:00 PM ET See the Updates section at the end of this post for new informatio...
Test for Log4Shell With InsightAppSec Using New Functionality
We can all agree at this point that the Log4Shell vulnerability CVE-2021-44228 can rightfully be categorized as a celebrity vulnerability. Security teams have been working around the clock investigating whether they have instances of Log4j in their environment. You are likely very familiar with...
InsightVM Scan Engine: Understanding MAC Address Discovery
Written in collaboration with Jimmy Cancilla When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection. The MAC address is one of several attributes used by the Security Console to perform asset...
Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-44077 | Zoho's Advisory | AttackerKB | In Development | Immediately | December 9, 1:30pm ET Summary Zoho customers have had a huge incentive lately to keep their software up to date,...
Patch Tuesday - October 2020
Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability CVE-2020-9746. Despite this...
Metasploit Wrap-Up
Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF and achieved 100 or more points: If you missed out on participating in this most rece...
Looking Back and Moving Forward With Rapid7’s Cloud Security Solution
This blog post was co-authored by Jamie Gale and Charles Stokes. Done with Q1 The DivvyCloud by Rapid7 team has had a busy and productive start to 2021, and we anticipate that the rest of this year will be equally exciting for our valued customers. In the first three months alone, we incorporated...
Metasploit Wrap-Up
Metasploit keeping that developer awareness rate up. Thanks to mrme & wvu, SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the servers config, making that report oh so much more fun. Like to escape the sandbox?...
QNAP Poisoned XML Command Injection (Silently Patched)
Background CVE-2020-2509 was added to CISA’s Known Exploited Vulnerabilities Catalog in April 2022, and it was listed as one of the “Additional Routinely Exploited Vulnerabilities in 2021” in CISA’s 2021 Top Routinely Exploited Vulnerabilities alert. However, CVE-2020-2509 has no public exploit,...
MDR Vendor Must-Haves, Part 5: Multiple Threat Detection Methodologies, Including Deep Attacker Behavior Analysis
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR service providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Let’s start with an analogy: Say you’re a fisherman out on a mission to specifically catch tuna. You thr...
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation...
Metasploit Wrap-Up
In case you missed it, this past weekend the Metasploit team hosted the latest Metasploit CTF. We saw 1903 users register in this round and some excellent writeups have been published on what they found. If you participated but haven’t had a chance to fill out our feedback survey you can find it...
How to Protect Your Applications Against Log4Shell With tCell
By now, we’re sure you’re familiar with all things Log4Shell – but we want to make sure we share how to protect your applications. Applications are a critical part of any organization’s attack surface, and we’re seeing thousands of Log4Shell attack attempts in our customers' environments every...
Metasploit Weekly Wrap-Up
Exchange RCE Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...
Patch Tuesday - December 2020
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months high thirties, it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported...
MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” This is possibly the most overlooked aspect of selecting an MDR partner. But when you get to a hair-on-fire,...
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
As stated in our Apache Commons Text blog post, CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input, and affects versions 1.5 through 1.9. This vulnerability has been patched as of Commons Text version 1.10...
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the...
Patch Tuesday - October 2022
The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser. Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities...
A Quick Look Into Cloud Infrastructure Entitlement Management (CIEM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have completed remediating the instances of Spring4Shell CVE-2022-22965 and Spring Cloud CVE-2022-22963 vulnerabilities that we found on our internet-facing services and systems. We continue to monitor for new vulnerability instances and to remediate vulnerabilities on internally accessible...
Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year
Spooky season is in full swing, and we’re not just talking about Halloween. Security vulnerabilities can range from tiny errors to large-scale gaps in protection, and all have different consequences. We put together a list of some of the scariest vulnerabilities of the year the tricks! and the...
Metasploit Wrap-up
Nine! Nine new modules! Ah ha ha! With the coming of autumn here in the Northern hemisphere, the nights are getting longer, and the hacking is getting stronger. We’ve really got something for everybody in this release, from IoT to infrastructure, Windows, and Linux; everyone’s pretty...
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...
Taking Inspiration from Our Security Nation in an Otherwise Uninspiring Year
Well, what a year it has been. I won’t waste your time by recapping the many, many difficulties that 2020 has offered us, and instead, I will try to take a slightly different tack. While it has been a challenging for some, truly hellacious year, as we close it out, I’ve been trying out a little...
Metasploit 2020 Wrap-Up
2020 was certainly an interesting year. There were quite a few newsworthy events and some fantastic exploit content released. Let’s take a look at what 2020 meant for Metasploit. Quick stats Some quick statistics for Metasploit’s year. 737 pull requests merged and counting A net gain of +179...
Metasploit Wrap-Up
Windows secrets dump The following provided by Christophe De La Fuente! A common pen testing pattern is to compromise a local administrative account on a host and use it to grab Windows password hashes, kerberos tickets, and other secrets stored locally. The most common technique is to run tools...
Metasploit Weekly Wrap-Up
Nagios XI web shell upload module New this week is a Nagios Web Shell Upload module from Rapid7' own Jake Baines, which exploits CVE-2021-37343. This module builds upon the existing Nagios XI scanner written by Erik Wynter. Versions of Nagios XI prior to 5.8.5 are vulnerable to a path traversal...
CVE-2023-29298: Adobe ColdFusion Access Control Bypass
Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion, in a product feature designed to restrict external access to the ColdFusion Administrator. Rapid7 reported this vulnerability to Adobe on April 11, 2023 and we are now disclosing it in accordance with our...
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 2021-Jan with 83 vulnerabilities across our standard spread of products. Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office which includes the SharePoint family of products, and lastly some from les...
What's New in InsightVM and Nexpose: Q1 2022 in Review
The world of cybersecurity never has a dull moment. While we are still recovering from the aftermath of Log4Shell, the recent ContiLeaks exposed multiple vulnerabilities that have been exploited by the Conti ransomware group. It’s critical for your team to identify the risk posed by such...
A Quick Look Into Cloud Workload Protection Platforms (CWPPs)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
Update March 25, 2021: CVE-2021-22986 is now being actively exploited in the wild by a range of malicious actors. Rapid7 has in-depth technical analysis on this vulnerability, including proof-of-concept code and information on indicators of compromise, available here. On March 10, 2021, F5...
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel...
Metasploit Wrap-Up
SaltStack RCE wvu-r7 added an exploit module that targets SaltStack’s Salt software. Specifically, the module exploits both an authentication bypass CVE-2020-25592 and a command injection vulnerability CVE-2020-16846 in SaltStack’s REST API to get code execution as root through Salt’s SSH client ...
Metasploit Weekly Wrap-Up
A Confluence of High-Profile Modules This release features modules covering the Confluence remote code execution bug CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability in the Windows Operating System accessible through malicious documents. Both have been all over the...
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files when using the SSH interface due to an argument injection vulnerability affecting the diagnose command. Additionally, a remote and highly privileged user can write arbitrary system files when using the SSH...
MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Every organization is unique, with different goals, missions, security maturities, staffing models, technologies...
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache. The vulnerability allowed a local low-privileged user to execute arbitrary Powershell as SYSTEM due to improper file permission assignment CWE-732. Product description...
The 2021 Naughty and Nice Lists: Cybersecurity Edition
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Metasploit Wrap-Up
Word and Javascript are a rare duo. Thanks to thesunRider. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...
Attack vs. Data: What You Need to Know About Threat Hunting
Mitigate threats by going on the offensive While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from. In order to...
Patch Tuesday - June 2024
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker...
Patch Tuesday - August 2021
Hot off the press, it’s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includ...
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
Table of Contents Overview Affected versions Mitigation and detection guidance Rapid7 customers InsightVM and Nexpose InsightIDR and Managed Detection and Response Velociraptor tCell InsightCloudSec IntSights Attacks and campaigns External resources Updates Need clarity on detecting and mitigatin...
Patch Tuesday - March 2023
Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the most interesting of the two zero-day vulnerabilities is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...
Metasploit Wrap-Up
Hey who finked about Flink? In this week's round of modules, contributor bcoles offered up two modules to leverage that Apache Flink install you found in some fun new ways. If you are just looking to filch a few files, auxiliary/scanner/http/apacheflinkjobmanagertraversal leverages CVE-2020-17519...
UPnP With a Holiday Cheer
T'was the night before HaXmas, when all through the house, Not a creature was stirring, not even a mouse. The stockings were hung by the chimney with care, in hopes that St. Nicholas soon would be there. This may be the way you start your holiday cheer, but before you get started, let me make you...