
1723 matches found

Rapid7 Blog
added 2023/11/03 7:10 p.m., 66 views

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

CVSS 5 | AI score 8 | EPSS 0.99999 | Exploits 15
Rapid7 Blog
added 2023/11/01 6:32 p.m., 131 views

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...

CVSS 7.5 | AI score 7.1 | EPSS 0.99654 | Exploits 31
Rapid7 Blog
added 2023/10/30 2:00 p.m., 22 views

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

As someone who likes the convenience of smart home Internet of Things (IoT) technology, I am regularly on the lookout for products that meet my expectations while also considering security and privacy concerns. Smart technology should never be treated differently than how we as consumers look at...

AI score 7 | Exploits 0
Rapid7 Blog
added 2023/10/27 6:46 p.m., 49 views

Metasploit Weekly Wrap-Up

New module content 4 Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: 18447 contributed by emirpolatt Path: admin/http/atlassian_confluence_auth_bypass AttackerKB reference: CVE-2023-22515...

CVSS 7.5 | AI score 9.5 | EPSS 0.99156 | Exploits 46
Rapid7 Blog
added 2023/10/25 6:18 p.m., 78 views

CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability

On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of these two issues is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of...

CVSS 5 | AI score 7.1 | EPSS 0.99999 | Exploits 15
Rapid7 Blog
added 2023/10/19 8:15 p.m., 65 views

Metasploit Weekly Wrap-Up

That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit...

CVSS 7.5 | AI score 9.5 | EPSS 0.99156 | Exploits 41
Rapid7 Blog
added 2023/10/17 7:50 p.m., 98 views

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

CVSS 9 | AI score 8 | EPSS 0.99571 | Exploits 28
Rapid7 Blog
added 2023/10/17 3:53 p.m., 3 views

Cloud Webinar Series Part 1: Commanding Cloud Strategies

Over the past decade, cloud computing has evolved into a cornerstone of modern business operations. Its flexibility, scalability, and efficiency have reshaped industries and brought unprecedented opportunities. However, this transformation has come with challenges—most notably those associated wi...

AI score 6.6 | Exploits 0
Rapid7 Blog
added 2023/10/17 3:53 p.m., 8 views

Cloud Webinar Series Part 1: Commanding Cloud Strategies

Over the past decade, cloud computing has evolved into a cornerstone of modern business operations. Its flexibility, scalability, and efficiency have reshaped industries and brought unprecedented opportunities. However, this transformation has come with challenges—most notably those associated wi...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/10/16 3:00 p.m., 33 views

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapi...

CVSS 6.8 | AI score 8.9 | EPSS 0.27069 | Exploits 6
Rapid7 Blog
added 2023/10/16 3:00 p.m., 5 views

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...

CVSS 9.1 | AI score 8.1 | EPSS 0.01481 | Exploits 6
Rapid7 Blog
added 2023/10/13 5:03 p.m., 56 views

Metasploit Weekly Wrap-Up

Pollution in Kibana This week, contributor h00die added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a...

CVSS 7.5 | AI score 9 | EPSS 0.99615 | Exploits 10
Rapid7 Blog
added 2023/10/11 3:16 p.m., 17 views

The Risks of Exposing DICOM Data to the Internet

Introduction Digital Imaging and Communications in Medicine (DICOM) is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/10/10 8:34 p.m., 147 views

Patch Tuesday - October 2023

Microsoft is addressing 105 vulnerabilities this October Patch Tuesday, including three zero-day vulnerabilities, as well as 12 critical remote code execution (RCE) vulnerabilities, and one republished third-party vulnerability. WordPad: zero-day NTLM hash disclosure. Another Patch Tuesday, another...

CVSS 7.5 | AI score 9.2 | EPSS 0.99999 | Exploits 20
Rapid7 Blog
added 2023/10/06 6:10 p.m., 69 views

Metasploit Weekly Wrap Up

New module content 3 LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: 18197 contributed by dwelch-r7 Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication...

CVSS 6.5 | AI score 8.9 | EPSS 0.93546 | Exploits 30
Rapid7 Blog
added 2023/10/05 5:45 p.m., 46 views

Little Crumbs Can Lead To Giants

This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...

CVSS 5.8 | AI score 6.8 | EPSS 0.01986 | Exploits 0
Rapid7 Blog
added 2023/10/05 3:49 p.m., 26 views

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

This post takes a look at some of the investments we've made throughout Q3 2023 to our Detection and Response offerings to provide advanced DFIR capabilities with Velociraptor, more flexibility with custom detection rules, enhancements to our dashboard and log search features, and more. Stop...

AI score 6.7 | Exploits 0
Rapid7 Blog
added 2023/10/04 3:28 p.m., 83 views

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. CVE-2023-22515 was originally announced as a privilege escalation vulnerability, but was later changed to a brok...

CVSS 7.5 | AI score 7.8 | EPSS 0.99156 | Exploits 39
Rapid7 Blog
added 2023/10/02 1:30 p.m., 24 views

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Working with thousands of security and risk professionals across the globe, we know that complexity is the top challenge SOCs are facing today. As the attack surface rapidly expands, security teams need more effective ways to keep pace with digital transformation and get out of the cycle of...

AI score 7.1 | Exploits 0
Rapid7 Blog
added 2023/09/29 7:42 p.m., 106 views

What’s New in InsightVM and Nexpose: Q3 2023 in Review

A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more. Let’s...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits 30
Rapid7 Blog
added 2023/09/29 6:08 p.m., 94 views

Metasploit Weekly Wrap-Up

TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally...

CVSS 7.5 | AI score 8.7 | EPSS 0.99979 | Exploits 22
Rapid7 Blog
added 2023/09/29 1:33 p.m., 81 views

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has...

CVSS 6.5 | AI score 7.7 | EPSS 0.9015 | Exploits 6
Rapid7 Blog
added 2023/09/29 1:00 p.m., 14 views

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to go...

AI score 7 | Exploits 0
Rapid7 Blog
added 2023/09/25 7:06 p.m., 143 views

Introducing Active Risk

Cyber risk is increasing both in volume and velocity. Given the landscape of threats, weaknesses, vulnerabilities, and misconfigurations, organizations, teams and vulnerability analysts alike need better prioritization mechanisms. That's why we developed a new risk scoring methodology: Active...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/09/25 5:32 p.m., 70 views

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation of CVE-2023-42793 allows an unauthenticated attacker with HTTPS access to a TeamCity server to perform a remot...

AI score 9.8 | EPSS 0.99979 | Exploits 17
Rapid7 Blog
added 2023/09/22 6:04 p.m., 49 views

Metasploit Weekly Wrap-Up

Improved Ticket Forging Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary...

CVSS 7.5 | AI score 9.3 | EPSS 0.997 | Exploits 13
Rapid7 Blog
added 2023/09/20 8:02 p.m., 39 views

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...

AI score 6.5 | Exploits 0
Rapid7 Blog
added 2023/09/20 2:01 p.m., 11 views

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management vendors, represented Rapid7's inclusion in the Wave report for vulnerability management. We are proud to be recognized for our...

AI score 6.7 | Exploits 0
Rapid7 Blog
added 2023/09/15 6:54 p.m., 64 views

Metasploit Weekly Wrap-Up

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...

CVSS 10 | AI score 9.8 | EPSS 0.99949 | Exploits 106
Rapid7 Blog
added 2023/09/12 10:55 p.m., 308 views

Patch Tuesday - September 2023

Microsoft is addressing 65 vulnerabilities this September Patch Tuesday, including two zero-day vulnerabilities, as well as four critical remote code execution (RCE) vulnerabilities, and six republished third-party vulnerabilities. Word: zero-day NTLM hash disclosure. Microsoft Word receives a patch...

CVSS 7.5 | AI score 9.3 | EPSS 0.99739 | Exploits 38
Rapid7 Blog
added 2023/09/08 6:03 p.m., 80 views

Metasploit Weekly Wrap-Up

New module content 4 Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: 18286 contributed by cudalac Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to...

CVSS 7.5 | AI score 8.3 | EPSS 0.99273 | Exploits 27
Rapid7 Blog
added 2023/09/07 3:13 p.m., 20 views

A Look at Our Development Process of the Cloud Resource Enrichment API

In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...

AI score 6.7 | Exploits 0
Rapid7 Blog
added 2023/09/07 3:13 p.m., 4 views

A Look at Our Development Process of the Cloud Resource Enrichment API

In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/09/07 3:05 p.m., 35 views

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...

CVSS 5.8 | AI score 6.7 | EPSS 0.27069 | Exploits 0
Rapid7 Blog
added 2023/09/07 3:05 p.m., 6 views

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...

CVSS 7.2 | AI score 7.3 | EPSS 0.27069 | Exploits 0
Rapid7 Blog
added 2023/09/01 4:30 p.m., 54 views

Metasploit Weekly Wrap-Up

Pumpkin Spice Modules Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact wi...

CVSS 6.5 | AI score 10.1 | EPSS 0.83009 | Exploits 10
Rapid7 Blog
added 2023/08/31 9:44 p.m., 52 views

Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers

Technical Analysis by: Thomas Elkins, Natalie Zargarov Contributions: Evan McCann, Tyler McGraw Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to...

AI score 8.3 | Exploits 0
Rapid7 Blog
added 2023/08/31 8:23 p.m., 66 views

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 (affects the SRX Series): A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...

CVSS 5 | AI score 8.4 | EPSS 0.94205 | Exploits 28
Rapid7 Blog
added 2023/08/31 1:16 p.m., 12 views

PenTales: What It’s Like on the Red Team

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...

AI score 7.7 | Exploits 0
Rapid7 Blog
added 2023/08/31 1:00 p.m., 16 views

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...

AI score 7.1 | Exploits 0
Rapid7 Blog
added 2023/08/29 2:00 p.m., 77 views

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023. In some...

CVSS 6.4 | AI score 7.2 | EPSS 0.21583 | Exploits 0
Rapid7 Blog
added 2023/08/25 9:26 p.m., 45 views

Metasploit Weekly Wrap-Up

PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 (Chamilo versions 1.11.18 and below) and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...

CVSS 7.5 | AI score 10.4 | EPSS 0.99397 | Exploits 14
Rapid7 Blog
added 2023/08/24 1:00 p.m., 4 views

Why Your AWS Cloud Container Needs Client-Side Security

With increasingly complicated network infrastructure and organizations needing to deploy applications across various environments, cloud containers are necessary for companies to stay agile and innovative. Containers are packages of software that hold all of the necessary components for an app to...

AI score 6.2 | Exploits 0
Rapid7 Blog
added 2023/08/24 1:00 p.m., 43 views

Why Your AWS Cloud Container Needs Client-Side Security

With increasingly complicated network infrastructure and organizations needing to deploy applications across various environments, cloud containers are necessary for companies to stay agile and innovative. Containers are packages of software that hold all of the necessary components for an app to...

AI score 6.5 | Exploits 0
Rapid7 Blog
added 2023/08/23 1:00 p.m., 13 views

Three Security Vendor Consolidation Myths Debunked

When it comes to security vendor consolidation, Gartner found that 57% of organizations are working with fewer than ten security vendors, utilizing consolidation to cut costs and improve their overall security posture. But what about the other 43%? While security vendor consolidation has many...

AI score 6.7 | Exploits 0
Rapid7 Blog
added 2023/08/22 4:00 p.m., 24 views

Ransomware-as-a-Service Cheat Sheet

Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm — so much so that in 2023, the White House re-classified ransomware as a national security threat. How has RaaS taken the impact of ransomware attacks to this next level of federal concern? By allowing potential...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/08/22 1:00 p.m., 17 views

Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection

The highly respected SC Awards program, hosted by SC Media, recognizes the solutions, organizations, and people driving innovation and success in information security. Now in its 26th year, the SC Awards continue to grow and evolve. Rapid7 is proud to announce we have received not one, but two...

AI score 6.7 | Exploits 0
Rapid7 Blog
added 2023/08/18 5:22 p.m., 64 views

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...

CVSS 7.5 | AI score 9.7 | EPSS 0.98725 | Exploits 10
Rapid7 Blog
added 2023/08/17 4:06 p.m., 21 views

Join us for VeloCON 2023: Digging Deeper Together!

September 13, 2023 at 9 am ET. Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...

AI score 6.8 | Exploits 0
Rapid7 Blog
added 2023/08/17 1:00 p.m., 23 views

Rapid7’s Mid-Year Threat Review

It will come as little surprise to most people that cyber threats in 2023 have been rather prolific. From widely exploited vulnerabilities to high-profile ransomware and extortion campaigns, the first half of the year has seen more than its fair share of large-scale incidents. Rapid7’s 2023...

AI score 7.1 | Exploits 0

Total number of security vulnerabilities: 1723