1723 matches found
Metasploit Weekly Wrap-Up
PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response MDR identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...
Is That Smart Home Technology Secure? Here’s How You Can Find Out.
As someone who likes the convenience of smart home Internet of Things IoT technology, I am regularly on the lookout for products that meet my expectations while also considering security and privacy concerns. Smart technology should never be treated differently than how we as consumers look at...
Metasploit Weekly Wrap-Up
New module content 4 Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control Authors: Emir Polat and Unknown Type: Auxiliary Pull request: 18447 contributed by emirpolatt Path: admin/http/atlassianconfluenceauthbypass AttackerKB reference: CVE-2023-22515...
CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability
On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of these two issues is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of...
Metasploit Weekly Wrap-Up
That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit...
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...
Cloud Webinar Series Part 1: Commanding Cloud Strategies
Over the past decade, cloud computing has evolved into a cornerstone of modern business operations. Its flexibility, scalability, and efficiency have reshaped industries and brought unprecedented opportunities. However, this transformation has come with challenges—most notably those associated wi...
Cloud Webinar Series Part 1: Commanding Cloud Strategies
Over the past decade, cloud computing has evolved into a cornerstone of modern business operations. Its flexibility, scalability, and efficiency have reshaped industries and brought unprecedented opportunities. However, this transformation has come with challenges—most notably those associated wi...
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
!Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP \FIXED\https://blog.rapid7.com/content/images/2023/10/vuln-disclosure-banner.jpeg As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapi...
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...
Metasploit Weekly Wrap-Up
Pollution in Kibana This week, contributor h00die added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Particularly, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending a...
The Risks of Exposing DICOM Data to the Internet
Introduction Digital Imaging and Communications in Medicine DICOM is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care...
Patch Tuesday - October 2023
Microsoft is addressing 105 vulnerabilities this October Patch Tuesday, including three zero-day vulnerabilities, as well as 12 critical remote code execution RCE vulnerabilities, and one republished third-party vulnerability. WordPad: zero-day NTLM hash disclosure Another Patch Tuesday, another...
Metasploit Weekly Wrap Up
New module content 3 LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: 18197 contributed by dwelch-r7 Path: scanner/ldap/ldaplogin Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication...
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
What’s New in Rapid7 Detection & Response: Q3 2023 in Review
This post takes a look at some of the investments we've made throughout Q3 2023 to our Detection and Response offerings to provide advanced DFIR capabilities with Velociraptor, more flexibility with custom detection rules, enhancements to our dashboard and log search features, and more. Stop...
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. CVE-2023-22515 was originally announced as a privilege escalation vulnerability, but was later changed to a brok...
Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR
Working with thousands of security and risk professionals across the globe, we know that complexity is the top challenge SOCs are facing today. As the attack surface rapidly expands, security teams need more effective ways to keep pace with digital transformation and get out of the cycle of...
What’s New in InsightVM and Nexpose: Q3 2023 in Review
A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more. Let’s...
Metasploit Weekly Wrap-Up
TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally...
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...
Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR
Nearly 70% of companies that are breached are likely to get breached again within twelve months CPO. Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response DFIR ready to go...
Introducing Active Risk
Cyber risk is increasing both in volume and velocity. Given the landscape of threats, weaknesses, vulnerabilities, and misconfigurations, organizations, teams and vulnerability analysts alike need of better prioritization mechanisms. That's why we developed a new risk scoring methodology: Active...
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation of CVE-2023-42793 allows an unauthenticated attacker with HTTPS access to a TeamCity server to perform a remot...
Metasploit Weekly Wrap-Up
Improved Ticket Forging Metasploit’s admin/kerberos/forgeticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary...
Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...
Rapid7 doubles down on a platform approach for Vulnerability Risk Management
This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management vendors, represented Rapid7's inclusion in the Wave report for vulnerability management. We are proud to be recognized for our...
Metasploit Weekly Wrap-Up
Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...
Patch Tuesday - September 2023
Microsoft is addressing 65 vulnerabilities this September Patch Tuesday, including two zero-day vulnerabilities, as well as four critical remote code execution RCE vulnerabilities, and six republished third-party vulnerabilities. Word: zero-day NTLM hash disclosure Microsoft Word receives a patch...
Metasploit Weekly Wrap-Up
New module content 4 Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: 18286 contributed by cudalac Path: auxiliary/gather/roundcubeauthfileread AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to...
A Look at Our Development Process of the Cloud Resource Enrichment API
In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...
A Look at Our Development Process of the Cloud Resource Enrichment API
In today's ever-evolving cybersecurity landscape, detecting and responding to cyber threats is paramount for organizations in cloud environments. At the same time, investigating cyber threat alerts can be arduous due to the time-consuming and complex process of data collection. To tackle this pai...
CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)
In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...
CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)
In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...
Metasploit Weekly Wrap-Up
Pumpkin Spice Modules Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact wi...
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Technical Analysis by: Thomas Elkins, Natalie Zargarov Contributions: Evan McCann, Tyler McGraw Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to...
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...
PenTales: What It’s Like on the Red Team
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...
Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library
Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response MDR teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances physical and virtual dating back to at least March 2023. In some...
Metasploit Weekly Wrap-Up
PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...
Why Your AWS Cloud Container Needs Client-Side Security
With increasingly complicated network infrastructure and organizations needing to deploy applications across various environments, cloud containers are necessary for companies to stay agile and innovative. Containers are packages of software that hold all of the necessary components for an app to...
Why Your AWS Cloud Container Needs Client-Side Security
With increasingly complicated network infrastructure and organizations needing to deploy applications across various environments, cloud containers are necessary for companies to stay agile and innovative. Containers are packages of software that hold all of the necessary components for an app to...
Three Security Vendor Consolidation Myths Debunked
When it comes to security vendor consolidation, Gartner found that 57% of organizations are working with fewer than ten security vendors, utilizing consolidation to cut costs and improve their overall security posture. But what about the other 43%? While security vendor consolidation has many...
Ransomware-as-a-Service Cheat Sheet
Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm — so much so that in 2023, the White House re-classified ransomware as a national security threat. How has RaaS taken the impact of ransomware attacks to this next level of federal concern? By allowing potential...
Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection
The highly respected SC Awards program, hosted by SC Media, recognizes the solutions, organizations, and people driving innovation and success in information security. Now in its 26th year, the SC Awards continue to grow and evolve. Rapid7 is proud to announce we have received not one, but two...
Metasploit Weekly Wrap-Up
Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...
Join us for VeloCON 2023: Digging Deeper Together!
September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...
Rapid7’s Mid-Year Threat Review
It will come as little surprise to most people that cyber threats in 2023 have been rather prolific. From widely exploited vulnerabilities to high-profile ransomware and extortion campaigns, the first half of the year has seen more than its fair share of large-scale incidents. Rapid7’s 2023...