
1723 matches found

Rapid7 Blog
added 2024/05/31 6:32 p.m. | 31 views

Metasploit Weekly Wrap-Up 05/31/2024

Quis dīrumpet ipsos dīrumpēs: In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second i...

CVSS 10 | AI score 10 | EPSS 0.93901
Exploits: 14

Rapid7 Blog
added 2024/05/30 3:45 p.m. | 70 views

CVE-2024-24919: Check Point Security Gateway Information Disclosure

On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a...

CVSS 8.6 | AI score 6.9 | EPSS 0.99978
Exploits: 52

Rapid7 Blog
added 2024/05/30 1:00 p.m. | 17 views

Celebrating Excellence: Joanne Guariglia and Kelly Hiscoe Recognized as CRN's 2024 Women of the Channel

We are thrilled to announce that two of our exceptional team members, Joanne Guariglia and Kelly Hiscoe, have been recognized as CRN's 2024 Women of the Channel. This recognition celebrates the achievements and leadership of women within the channel community, and we are incredibly proud to see...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2024/05/23 8:30 p.m. | 22 views

Metasploit Weekly Wrap-Up 05/23/2024

Infiltrate the Broadcast! A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of streaming platform AVideo 12.4 - 14.2. The multi/http/avideowwbnindexunauthrce module leverages CVE-2024-31819, a vulnerability to PHP Filter Chaining, to gain...

AI score 7.1 | EPSS 0.80454
Exploits: 17

Rapid7 Blog
added 2024/05/23 2:00 p.m. | 13 views

The Take Command Summit: A Day of Resilience and Preparation

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2024/05/23 1:00 p.m. | 32 views

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger. Overview: Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording...

CVSS 8.7 | AI score 8.8 | EPSS 0.26937
Exploits: 1

Rapid7 Blog
added 2024/05/23 1:00 p.m. | 6 views

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger. Overview: Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording...

CVSS 8.7 | AI score 6.5 | EPSS 0.26937
Exploits: 1

Rapid7 Blog
added 2024/05/21 1:00 p.m. | 57 views

Rapid7 Releases the 2024 Attack Intelligence Report

Today, during our Take Command Summit, we released our 2024 Attack Intelligence Report, which pulls in expertise from our researchers, our detection and response teams, and threat intelligence teams. The result is the clearest picture yet of the expanding attack surface and the threats security...

AI score 8.1
Exploits: 0

Rapid7 Blog
added 2024/05/17 8:11 p.m. | 20 views

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements: This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2024/05/16 5:51 p.m. | 12 views

See a Sneak Peek of Tuesday’s Take Command Summit

In just a few short days, some of the best minds in cybersecurity will come together at Take Command to discuss the most pressing challenges and opportunities we face as an industry. The sessions include in-depth discussions on attacker trends and behaviors, a look into the Rapid7 SOC, top guest...

AI score 7.6
Exploits: 0

Rapid7 Blog
added 2024/05/15 1:00 p.m. | 14 views

AI Trust Risk and Security Management: Why Tackle Them Now?

Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges tha...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2024/05/14 8:25 p.m. | 78 views

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

CVSS 9.6 | AI score 10 | EPSS 0.8399
Exploits: 41

Rapid7 Blog
added 2024/05/14 8:25 p.m. | 11 views

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

CVSS 9.6 | AI score 9.4 | EPSS 0.8399
Exploits: 41

Rapid7 Blog
added 2024/05/14 7:24 p.m. | 23 views

5 key MDR differentiators to look for to build stronger security resilience

Organizations looking to address the skills gap and bring greater efficiency as their business grows and their attack surface sprawls are turning to MDR providers at an accelerated pace. We’ve seen predictions from top analyst firms signaling the rapid rate of adoption of an MDR provider by 2025...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2024/05/13 7:17 p.m. | 48 views

Ongoing Malvertising Campaign leads to Ransomware

Executive Summary: Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2024/05/13 3:06 p.m. | 23 views

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era. Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2024/05/13 3:06 p.m. | 9 views

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era. Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...

AI score 5.7
Exploits: 0

Rapid7 Blog
added 2024/05/10 8:12 p.m. | 45 views

Metasploit Wrap-Up 05/10/2024

Password Spraying support: Multiple bruteforce/login scanner modules have been updated to support a PASSWORDSPRAY module option. This work was completed in pull request 19079 from nrathaus as well as an additional update from our developers. When the password spraying option is set, the order of...

CVSS 7.5 | AI score 9.3 | EPSS 0.99539
Exploits: 29

Rapid7 Blog
added 2024/05/10 5:31 p.m. | 52 views

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann. Executive Summary: Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's emai...

AI score 7.8
Exploits: 0

Rapid7 Blog
added 2024/05/10 5:31 p.m. | 5 views

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann. Executive Summary: Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's emai...

AI score 6
Exploits: 0

Rapid7 Blog
added 2024/05/09 1:00 p.m. | 15 views

Layered Defense to Stop Attacks Before they Begin

Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains. Ransomware-as-a-Service has increased due to its lowered barrier to entry, allowing even those with limited technical expertise to launch devastating...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2024/05/08 1:00 p.m. | 18 views

Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council

The effort aims to help close gender and racial pay gaps. Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial wage...

AI score 7
Exploits: 0

Rapid7 Blog
added 2024/05/07 6:40 p.m. | 10 views

Take Command Summit: A Message from Rapid7 Chairman and CEO, Corey Thomas

The Rapid7 Take Command Summit is just two short weeks away. We’re busy putting together one of the most impactful programs on the latest in cybersecurity trends, technology, and innovations available, and we are eager to share it with all of you. So eager, in fact, that Chairman and CEO of Rapid...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2024/05/03 6:29 p.m. | 31 views

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline: This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...

CVSS 7.5 | AI score 9.6 | EPSS 0.95388
Exploits: 9

Rapid7 Blog
added 2024/05/02 1:00 p.m. | 20 views

The Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May 21

By now you should have heard about Take Command, Rapid7’s day-long virtual summit on May 21 bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, challenges, and opportunities in the industry. It’s an opportunity to expand your...

AI score 7.4
Exploits: 0

Rapid7 Blog
added 2024/05/01 1:00 p.m. | 19 views

The Business of Cybersecurity Ownership

Who exactly owns cybersecurity in your organisation? Authored by Sean Vogelenzang. Many would say the answer is obvious. It’s the chief information security officer (CISO) and his or her team, of course. However, it’s not that simple. Sure, the CISO and their team are responsible for setting the...

AI score 7
Exploits: 0

Rapid7 Blog
added 2024/04/30 2:29 p.m. | 5 views

Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More

By Dr. Mike Cohen and Carlos Canto. Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features. EWF Support: Velociraptor has introduced the ability to analyze dead disk images in the pas...

AI score 6.5
Exploits: 0

Rapid7 Blog
added 2024/04/30 2:29 p.m. | 53 views

Velociraptor 0.7.2 Release: Digging Deeper than Ever with EWF Support, Dynamic DNS and More

By Dr. Mike Cohen and Carlos Canto. Rapid7 is very excited to announce that version 0.7.2 of Velociraptor is now fully available for download. In this post we’ll discuss some of the interesting new features. EWF Support: Velociraptor has introduced the ability to analyze dead disk images in the pas...

AI score 6.6
Exploits: 0

Rapid7 Blog
added 2024/04/26 7:49 p.m. | 56 views

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules: This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...

CVSS 7.5 | AI score 10 | EPSS 0.99999
Exploits: 62

Rapid7 Blog
added 2024/04/23 5:29 p.m. | 16 views

USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award

This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa. I had the honor of joining my colleagues, includin...

AI score 7.4
Exploits: 0

Rapid7 Blog
added 2024/04/23 3:26 p.m. | 58 views

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 as well as legacy 9.x versions across al...

CVSS 7.5 | AI score 10 | EPSS 0.99539
Exploits: 22

Rapid7 Blog
added 2024/04/22 1:14 p.m. | 14 views

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs...

AI score 7
Exploits: 0

Rapid7 Blog
added 2024/04/19 6:42 p.m. | 59 views

Metasploit Weekly Wrap-Up 04/19/24

Welcome Ryan and the new CrushFTP module: It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works...

CVSS 7.5 | AI score 9.8 | EPSS 0.81801
Exploits: 13

Rapid7 Blog
added 2024/04/17 1:00 p.m. | 25 views

Enforce and Report on PCI DSS v4 Compliance with Rapid7

The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide. According to the PCI SSC website, “PC...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2024/04/16 4:21 p.m. | 15 views

Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization

Authored by Damon Cabanillas. Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2024/04/12 5:47 p.m. | 33 views

Metasploit Weekly Wrap-Up 04/12/24

Account Takeover using Shadow Credentials: The new release of Metasploit Framework includes a Shadow Credentials module added by smashery used for reliably taking over an Active Directory user account or computer, and letting future authentication to happen as that account. This can be chained wit...

AI score 7.8 | EPSS 0.5132
Exploits: 8

Rapid7 Blog
added 2024/04/12 12:59 p.m. | 63 views

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability...

CVSS 7.5 | AI score 9.8 | EPSS 0.99999
Exploits: 43

Rapid7 Blog
added 2024/04/10 1:00 p.m. | 37 views

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

AI score 7.1
Exploits: 0

Rapid7 Blog
added 2024/04/09 8:28 p.m. | 5 views

Patch Tuesday - April 2024

Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today. Howeve...

CVSS 9 | AI score 9.4 | EPSS 0.87784
Exploits: 6

Rapid7 Blog
added 2024/04/09 8:28 p.m. | 125 views

Patch Tuesday - April 2024

Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today. Howeve...

CVSS 6.8 | AI score 10 | EPSS 0.87784
Exploits: 6

Rapid7 Blog
added 2024/04/05 6:59 p.m. | 46 views

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS: Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...

CVSS 7.5 | AI score 10 | EPSS 0.99999
Exploits: 52

Rapid7 Blog
added 2024/04/04 1:00 p.m. | 39 views

What’s New in Rapid7 Products & Services: Q1 2024 in Review

We kicked off 2024 with a continued focus on bringing security professionals (which if you're reading this blog, is likely you!) the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence. Below we’ve highlighted some key releases and updates from...

CVSS 7.5 | AI score 8.3 | EPSS 0.99991
Exploits: 25

Rapid7 Blog
added 2024/04/03 1:00 p.m. | 42 views

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. Minerva uses the open-source OpenSSL library for cryptographic functions and to support secure communications. The root cause of this vulnerability is Minerva’s implementation of...

CVSS 4.3 | AI score 8.1 | EPSS 0.00234
Exploits: 0

Rapid7 Blog
added 2024/04/02 1:30 p.m. | 17 views

Challenges Drive Career Growth: Meet Rudina Tafhasaj

Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards. Growing up, Rudina was inspired to get into technology by her older brother. “He loved...

AI score 6.9
Exploits: 0

Rapid7 Blog
added 2024/04/01 5:13 p.m. | 73 views

Backdoored XZ Utils (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma). The backdoor, added by an...

CVSS 7.5 | AI score 9.8 | EPSS 0.85974
Exploits: 40

Rapid7 Blog
added 2024/03/29 6:14 p.m. | 83 views

Metasploit Weekly Wrap-Up 03/29/2024

PHP code execution and Oversharepoint: Here in the Northern Hemisphere, Spring is in the air: flowers, bees, pollen… a new Metasploit 6.4 release, and now, fresh on the heels of this new release is a bountiful crop of exploits, features, and bug-fixes. Leading the pack is a pair of 2024 PHP code...

CVSS 7.5 | AI score 8.4 | EPSS 0.99618
Exploits: 36

Rapid7 Blog
added 2024/03/28 6:35 p.m. | 32 views

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

AI score 8.1
Exploits: 0

Rapid7 Blog
added 2024/03/25 1:33 p.m. | 79 views

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 and the team has added many new features and improvements since then. For news reporters, please reach out to [email protected]. Kerberos Improvements...

CVSS 9.3 | AI score 8.4 | EPSS 0.99999
Exploits: 348

Rapid7 Blog
added 2024/03/22 4:36 p.m. | 29 views

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1): OpenNMS Horizon Authenticated RCE. Author: Erik Wynter. Type: Exploit. Pull request: 18618 contributed by ErikWynter. Path: linux/http/opennmshorizonauthenticatedrce. AttackerKB reference: CVE-2023-0872. Description: This module exploits built-in functionality in OpenNMS Horizon in...

CVSS 5.2 | AI score 8.3 | EPSS 0.02951
Exploits: 3

Rapid7 Blog
added 2024/03/21 10:00 p.m. | 13 views

Why The External Attack Surface Matters: An analysis into APAC related threat activities

Co-authors are Robin Long and Raj Samani. Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface. It would appear a reasonable approach, on t...

AI score 7.1
Exploits: 0

Total number of security vulnerabilities: 1723