Lucene search
+L
Rapid7blogMost viewed

1731 matches found

Rapid7 Blog
Rapid7 Blog
added 2020/10/26 2:44 p.m.205 views

Scan Template Best Practices in InsightVM

When you start out with one of our vulnerability management solutions, Nexpose or InsightVM, one of the first things you should build and set up is a best practices Scan Template. Because best practices are constantly changing, make sure you look at the date this blog was posted and make your...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/01/06 8:41 p.m.204 views

What's New in InsightIDR: Q4 2021 in Review

More context and customization around detections and investigations, expanded dashboard capabilities, and more. This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response XDR solution, from Q4 2021. Over the past quarter, we delivered updates ...

9.3CVSS0.1AI score0.99999EPSS
Exploits355
Rapid7 Blog
Rapid7 Blog
added 2021/08/06 2:17 p.m.204 views

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Note: A more detailed version of this post is available as a preprint on the ArXiv. The casino floor at Bally's is a thrilling place, one that loads of hackers are familiar with from our time at DEF CON. One feature of these casinos is the unmistakable song of slots being played. Imagine a slot...

7.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/07/08 1:5 p.m.203 views

Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 2

I have logs on my mind right now, because every spring, as trees that didn’t survive the winter are chopped down, my neighbor has truckloads of them delivered to his house. All the logs are eventually burned up in his sugar house and used to make maple syrup, and it reminds me that I have some lo...

6.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/12/18 7:15 p.m.203 views

Metasploit Wrap-Up

It's the week of December 17th and that can only mean one thing: a week until Christmas! For those of you who don't celebrate Christmas, a very happy Hanukkah/Chanukah, Kwanzaa, Diwali, Chinese New Year, Winter Solstice and Las Posadas to you all! This is our last weekly wrap-up this year, but as...

10CVSS9.3AI score0.79842EPSS
Exploits36
Rapid7 Blog
Rapid7 Blog
added 2022/01/07 6:20 p.m.202 views

Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale

This post is co-authored by Blake Cifelli, Senior Advisory Services Consultant. In today’s cybersecurity world, risks evolve faster than we can remediate them. To meet our goals and become resilient to these fast changes, we need the right balance of automation and human interaction. Enabling rap...

9.3CVSS10AI score0.99999EPSS
Exploits355
Rapid7 Blog
Rapid7 Blog
added 2021/04/16 4:56 p.m.200 views

MDR Vendor Must-Haves, Part 7: Managed Response Actions

This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Security teams face unprecedented challenges as the threat landscape expands in scope and complexity. More...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/09/10 6:32 p.m.198 views

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

7.5CVSS8.6AI score0.99999EPSS
Exploits45
Rapid7 Blog
Rapid7 Blog
added 2021/07/09 8:13 p.m.197 views

Securing the Supply Chain: Lessons Learned from the Codecov Compromise

Supply chain attacks are all the rage these days. While they’re not a new part of the threat landscape, they are growing in popularity among more sophisticated threat actors, and they can create significant system-wide disruption, expense, and loss of confidence across multiple organizations,...

8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/07/02 6:44 p.m.194 views

Metasploit Wrap-Up

Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker...

9.3CVSS0.6AI score0.9857EPSS
Exploits52
Rapid7 Blog
Rapid7 Blog
added 2022/01/14 2:46 p.m.192 views

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...

9.3CVSS0.2AI score0.99999EPSS
Exploits355
Rapid7 Blog
Rapid7 Blog
added 2023/11/09 2:12 p.m.190 views

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 Lace Tempest in “limited attacks.” In a...

7.5CVSS9.4AI score0.99934EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2022/01/05 6:52 p.m.190 views

Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors

Now that 2022 is fully underway, it's time to wrap up some of the milestones that Rapid7 achieved in 2021. We worked harder than ever last year to help protectors keep their organization's infrastructure secure — even in the face of some of the most difficult threats the security community has...

9.3CVSS9.6AI score0.99999EPSS
Exploits485
Rapid7 Blog
Rapid7 Blog
added 2021/06/10 1:0 p.m.189 views

Attack Surface Analysis Part 1: Vulnerability Scanning

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. We’ll start with vulnerability assessment below. BREACH!!! A word you may hea...

0.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/11 11:44 p.m.189 views

Patch Tuesday - May 2021

Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...

9.3CVSS0.5AI score0.99782EPSS
Exploits53
Rapid7 Blog
Rapid7 Blog
added 2024/01/09 9:23 p.m.187 views

Patch Tuesday - January 2024

Microsoft is addressing 49 vulnerabilities this January 2024 Patch Tuesday, including a single critical remote code execution vulnerability. Four browser vulnerabilities were published separately this month, and are not included in the total. No zero-day vulnerabilities are published or patched...

7.5CVSS9.8AI score0.99649EPSS
Exploits20
Rapid7 Blog
Rapid7 Blog
added 2023/04/11 10:49 p.m.187 views

Patch Tuesday - April 2023

Microsoft is offering fixes for 114 vulnerabilities for April 2023 Patch Tuesday. This month’s haul includes a single zero-day vulnerability, as well as seven critical Remote Code Execution RCE vulnerabilities. There is a strong focus on fixes for Windows OS this month. Zero-day vulnerability: CL...

9CVSS10.1AI score0.95454EPSS
Exploits42
Rapid7 Blog
Rapid7 Blog
added 2022/05/31 3:15 p.m.187 views

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

On May 30, 2022, Microsoft Security Response Center MSRC published a blog on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool msdt in Windows. Microsoft’s advisory on CVE-2022-30190 indicates that exploitation has been detected in the wild. According to Microsof...

9.3CVSS1.1AI score0.99374EPSS
Exploits62
Rapid7 Blog
Rapid7 Blog
added 2022/12/30 3:0 p.m.186 views

2022 Annual Metasploit Wrap-Up

It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we...

9CVSS0.2AI score0.99677EPSS
Exploits182
Rapid7 Blog
Rapid7 Blog
added 2021/10/08 1:30 p.m.186 views

What's New in InsightVM: Q3 2021 in Review

In today's post, we're giving a rundown of new features and functionality launched in Q3 2021 for InsightVM and the Insight Platform. We hope you can begin to leverage these changes to drive success across your organization. Apple Silicon support on the Insight Agent We're excited to announce tha...

10CVSS9.5AI score0.99999EPSS
Exploits158
Rapid7 Blog
Rapid7 Blog
added 2022/01/18 8:0 p.m.185 views

Active Exploitation of VMware Horizon Servers

This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...

9.3CVSS0.3AI score0.99999EPSS
Exploits357
Rapid7 Blog
Rapid7 Blog
added 2021/03/05 5:20 p.m.183 views

Metasploit Wrap-Up

FortiOS Path Traversal Returning community contributor mekhalleh submitted a module targeting a path traversal vulnerability within the SSL VPN web portal in multiple versions of FortiOS. The flaw is leveraged to read the usernames and passwords of currently logged in users which are stored in...

9.3CVSS0.6AI score0.99999EPSS
Exploits77
Rapid7 Blog
Rapid7 Blog
added 2022/09/30 6:47 p.m.182 views

Metasploit Weekly Wrap-Up

Veritas Backup Exec Agent RCE This module kindly provided by c0rs targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878 which only makes it more impressive...

9CVSS0.99998EPSS
Exploits50
Rapid7 Blog
Rapid7 Blog
added 2022/07/19 12:56 p.m.182 views

CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation

Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as nobody, to escalate to root on affected firewalls. To exploit this vulnerability, a remote attacker must first establish shell access on the firewall, fo...

10CVSS0.99938EPSS
Exploits28
Rapid7 Blog
Rapid7 Blog
added 2021/09/02 3:44 p.m.182 views

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...

7.5CVSS0.3AI score0.99999EPSS
Exploits45
Rapid7 Blog
Rapid7 Blog
added 2023/11/06 3:31 p.m.180 views

Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518

Daniel Lydon and Conor Quinn contributed attacker behavior insights to this blog. As of November 5, 2023, Rapid7 Managed Detection and Response MDR is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment. We have confirmed that at...

7.5CVSS9.9AI score0.99999EPSS
Exploits48
Rapid7 Blog
Rapid7 Blog
added 2021/07/16 7:47 p.m.180 views

What’s New in InsightVM: Q2 2021 in Review

The world is changing rapidly. We hear that phrase a lot. Throughout Q2 though, it really is true. Vaccines have been rolling out, to varying success depending on the part of the world, but there is optimism. As Rapid7 offices begin to open up to our hard-working team members around the globe, we...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/04/27 5:36 p.m.180 views

What's New in DivvyCloud by Rapid7: April 2021

Keeping you on scheduler The latest release of DivvyCloud 21.3 encompasses many of the standard changes that we included in each major release, from bug fixes to support for new cloud resources to new filters and other enhancements. As always, all the details are available in the release notes...

1.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/01 6:4 p.m.178 views

InsightAppSec Advanced Authentication Settings: Token Replacement

There are many different ways to use InsightAppSec to authenticate to web apps, but sometimes you need to go deeper into the advanced settings to fully automate your logins, especially with API scanning. Today, we’ll cover one of those advanced settings: Token Replacement. InsightAppSec Token...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/07 7:41 p.m.178 views

Metasploit Wrap-Up

Two new Active Directory attacks This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services VAS as Active Directory integration solutions. The new UNIX Gather...

10CVSS0.9674EPSS
Exploits22
Rapid7 Blog
Rapid7 Blog
added 2021/02/12 7:26 p.m.178 views

Metasploit Wrap-Up

MicroFocus? More like MacroVuln MicroFocus’s Operations Bridge Manager is a security information and event management SIEM tool designed to collect and parse security logs from multiple disparate sources. OBM has a large attack surface—something Pedro Ribeiro was able to take advantage of with hi...

9CVSS8.8AI score0.99295EPSS
Exploits94
Rapid7 Blog
Rapid7 Blog
added 2022/11/15 3:37 p.m.177 views

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 announcing fixes for three vulnerabilities: CVE-2022-27510 “Unauthorized access to Gateway user capabilities” CVE-2022-27513 “Remote desktop takeover via...

1.9AI score0.01231EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2022/03/09 10:25 p.m.177 views

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

CVE | Disclosure | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2022-0847 | Original disclosure | AttackerKB | March 10, 2022 | When practical | March 10, 2022 3:21 PM EST On March 7, 2022, CM4all security researcher Max Kellermann published technic...

7.2CVSS1.2AI score0.89063EPSS
Exploits100
Rapid7 Blog
Rapid7 Blog
added 2020/09/18 3:11 p.m.177 views

NICER Protocol Deep Dive: Internet Exposure of SMB

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

7.5CVSS9.4AI score0.9981EPSS
Exploits125
Rapid7 Blog
Rapid7 Blog
added 2021/05/03 10:36 p.m.176 views

Kubernetes Security Is Not Container Security

Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/09/28 2:11 p.m.175 views

What’s New in InsightVM and Nexpose: Q3 2022 in Review

Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...

10CVSS9.9AI score0.99999EPSS
Exploits190
Rapid7 Blog
Rapid7 Blog
added 2021/10/19 4:58 p.m.175 views

OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

In case you missed it, injection claimed the number 3 spot in OWASP's updated Top 10 application security risks for 2021. Today, I'm going to highlight some of the reasons why injection is such a formidable threat, despite it falling two spaces from the number 1 slot on OWASP's 2017 list. But...

6.8CVSS0.6AI score0.76814EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2024/07/09 8:3 p.m.174 views

Patch Tuesday - July 2024

Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the...

9.9CVSS9.2AI score0.84345EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2020/12/04 7:27 p.m.174 views

Metasploit Wrap-Up

The Metasploit team is rolling to the end of the year featuring a week of modules, updates, and our annual CTF. I say rolling in part because here in the US, we’re coming off our week of Thanksgiving, which involves lots of pies, and we’re probably all a bit more spherical than normal! For those ...

7.5CVSS9.9AI score0.9927EPSS
Exploits46
Rapid7 Blog
Rapid7 Blog
added 2020/09/18 6:28 p.m.174 views

Metasploit Wrap-Up

Refreshingly configurable F5, on top of being a handy shortcut you can press over and over again until 3am just to watch the RTX 3080 preorders sell out instantly, is also a company that specializes in the delivery, security, performance, and availability of web applications, computing, storage,...

10CVSS9.1AI score0.99512EPSS
Exploits87
Rapid7 Blog
Rapid7 Blog
added 2021/12/14 12:55 a.m.173 views

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s Log4j Java library a.k.a. Log4Shell. We have been continuously monitoring for Log4Shell exploit attempts in our environment and have been urgently...

4.3CVSS0.99999EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2022/06/14 7:37 p.m.172 views

Patch Tuesday - June 2022

June's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is CVE-2022-30190, also known as Follina, which was observed being exploited in the wild at the end of May. Microsoft provided mitigation instructions disabling the MSDT URL protoc...

10CVSS0.8AI score0.99374EPSS
Exploits68
Rapid7 Blog
Rapid7 Blog
added 2022/09/02 7:39 p.m.171 views

Metasploit Weekly Wrap-Up

ICPR Certificate Management This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful i...

10CVSS8.5AI score0.99374EPSS
Exploits93
Rapid7 Blog
Rapid7 Blog
added 2021/04/05 2:15 p.m.170 views

A Quick Look Into Cloud Security Posture Management (CSPM)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/08 9:11 p.m.169 views

Patch Tuesday - August 2023

Microsoft is addressing 86 vulnerabilities this August Patch Tuesday, including one zero-day vulnerability, as well as five critical remote code execution RCE vulnerabilities, and 12 browser vulnerabilities. An unpatched zero-day malicious document vulnerability from July also receives Windows OS...

7.5CVSS9.8AI score0.98998EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2022/08/19 2:25 p.m.168 views

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...

10CVSS9.4AI score0.86132EPSS
Exploits66
Rapid7 Blog
Rapid7 Blog
added 2022/11/08 8:2 p.m.167 views

Patch Tuesday - November 2022

It’s a relatively light Patch Tuesday this month by the numbers – Microsoft has only published 67 new CVEs, most of which affect their flagship Windows operating system. However, four of these are zero-days, having been observed as exploited in the wild. The big news is that two older zero-day CV...

0.8AI score0.9997EPSS
Exploits25
Rapid7 Blog
Rapid7 Blog
added 2024/07/30 12:28 a.m.164 views

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in...

9.8CVSS7.8AI score0.96823EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2022/01/07 5:28 p.m.164 views

Metasploit Wrap-Up

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...

7.5CVSS0.2AI score0.93514EPSS
Exploits61
Rapid7 Blog
Rapid7 Blog
added 2021/03/09 10:13 p.m.164 views

Patch Tuesday - March 2021

Another Patch Tuesday 2021-Mar is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server...

10CVSS0.6AI score0.99999EPSS
Exploits106
Total number of security vulnerabilities1731