Lucene search: Rapid7 blog, sorted by most recent
1723 matches found

Rapid7 Blog · added 2023/03/30 12:24 p.m. · 48 views

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday,...

AI score 7.6 · EPSS 0.04373 · Exploits 1

Rapid7 Blog · added 2023/03/29 6:35 p.m. · 13 views

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three

In the final installment of our webinar “Confronting Security Fears to Control Cyber Risk,” Jason Hart, Rapid7’s Chief Technology Officer, EMEA, discusses how adopting a cyber target operating model can eliminate cybersecurity silos and increase the effectiveness of your cybersecurity program. If...

AI score 6.5 · Exploits 0

Rapid7 Blog · added 2023/03/29 3:21 p.m. · 43 views

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software's UniData and UniVerse UniRPC server and related services running on the Linux platform. Rapid7 worked with Rocket Software to fix the issues and coordinate this disclosure. This disclosure will detail a number of differe...

AI score 10.1 · EPSS 0.62136 · Exploits 4

Rapid7 Blog · added 2023/03/29 1:50 p.m. · 23 views

What’s New in InsightIDR: Q1 2023 in Review

InsightIDR received a number of exciting updates in Q1 2023, including faster search, a redesigned UI, updated investigations, support for Insight Network Sensor, Enhanced Endpoint Telemetry, and more. In our effort to empower practitioners to feel confident in their detection and response...

AI score 6.5 · Exploits 0

Rapid7 Blog · added 2023/03/28 7:35 p.m. · 64 views

Active Exploitation of IBM Aspera Faspex CVE-2022-47986

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a...

AI score 9.5 · EPSS 0.99968 · Exploits 5

Rapid7 Blog · added 2023/03/24 6:33 p.m. · 64 views

Metasploit Weekly Wrap-Up

Zyxel Routers Beware: This week we've released a module written by first-time community contributor shr70 that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices...

CVSS 7.5 · AI score 9.7 · EPSS 0.99134 · Exploits 22

Rapid7 Blog · added 2023/03/23 5:05 p.m. · 21 views

Center for Internet Security (CIS) unveils Azure Foundations Benchmark v2.0.0

The Center for Internet Security (CIS) recently unveiled the latest version of their Azure Foundations Benchmark, Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch...

AI score 7.1 · Exploits 0

Rapid7 Blog · added 2023/03/23 3:42 p.m. · 21 views

Reduce Risk and Regain Control with Cloud Risk Complete

Over the last 10 to 15 years, organizations have been migrating to the cloud to take advantage of the speed and scale it enables. During that time, we’ve all had to learn that new cloud infrastructure means new security challenges, and that many legacy tools and processes are unable to keep up wi...

AI score 6.8 · Exploits 0

Rapid7 Blog · added 2023/03/22 6:26 p.m. · 20 views

Celebrating Women’s History Month at Rapid7

Each March, we reflect on the historical accomplishments and ongoing need to support women. This, of course, should be embraced all 12 months of the year, but Women’s History Month gives us a special opportunity to learn from, celebrate, and amplify the voices of women. At Rapid7, we’re shining a...

AI score 6.5 · Exploits 0

Rapid7 Blog · added 2023/03/21 6:54 p.m. · 73 views

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...

AI score 7.8 · EPSS 0.00599 · Exploits 1

Rapid7 Blog · added 2023/03/21 3:10 p.m. · 62 views

Rapid7 Observed Exploitation of Adobe ColdFusion

Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...

AI score 10 · EPSS 0.97115 · Exploits 13

Rapid7 Blog · added 2023/03/20 5:32 p.m. · 13 views

Practice Operations Manager Looks Back On First Five Months With Rapid7

Elianna Sfez is a Threat Intelligence Practice Operations Manager based in Rapid7’s Tel Aviv office. As she approaches her six month anniversary with the company, we sat down to chat about her new hire journey, initial impressions and experiences in her new role, Rapid7 culture, and more. Tell me...

AI score 6.1 · Exploits 0

Rapid7 Blog · added 2023/03/17 7:33 p.m. · 69 views

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added: Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, added by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...

CVSS 7.2 · AI score 0.2 · EPSS 0.99815 · Exploits 18

Rapid7 Blog · added 2023/03/16 6:41 p.m. · 13 views

MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls

As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security measures to protect your organization. One way to do this is ...

AI score 7.3 · Exploits 0

Rapid7 Blog · added 2023/03/15 3:41 p.m. · 17 views

Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study

Volume up, and not in a good way: Security teams must continuously contort their efforts to effectively respond to the growing volume of cyberthreats. These constantly shifting methods in the security operations center (SOC) can be difficult to manage in the face of emerging external threats—it can b...

AI score 6.6 · Exploits 0

Rapid7 Blog · added 2023/03/15 3:02 p.m. · 18 views

Build Security Muscle Memory With Tabletop Exercises

When I was in grade school, I played football. I was scrawny and afraid to go up against anyone bigger than I was (essentially everyone). I always hated Oklahoma drills and scrimmages with my team. For quite some time, I avoided “the tunnel” hoping to evade facing the bigger linemen. My coach sat m...

AI score 6.8 · Exploits 0

Rapid7 Blog · added 2023/03/15 2:00 p.m. · 21 views

3 Steps for Ramping Up to Fully Automated Remediation

The number one threat to cloud security is misconfiguration of resources, and frankly, it's not hard to understand why. The cloud is getting bigger, more tangled, and flat-out more unmanageable by the day. In modern Amazon Web Services (AWS) environments, there are typically millions of resources...

AI score 6.6 · Exploits 0

Rapid7 Blog · added 2023/03/14 11:46 p.m. · 206 views

Patch Tuesday - March 2023

Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the more interesting of the two is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...

CVSS 5 · AI score 0.4 · EPSS 0.97408 · Exploits 40

Rapid7 Blog · added 2023/03/14 7:20 p.m. · 18 views

Microsoft Defender for Cloud Management Port Exposure Confusion

Prior to March 9, 2023, Microsoft Defender for Cloud incorrectly marked some Azure virtual machines as having secured management ports (SSH on 22/TCP, RDP on 3389/TCP and WinRM on 5985/TCP) when in fact one or more of these ports were exposed to the internet. This occurred when the...

AI score 6.9 · Exploits 0
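An independent way to answer the question Defender for Cloud got wrong, as an added example that is not part of the Rapid7 post or of any Microsoft tooling: walk the VM's NSG inbound rules in priority order, the way the platform evaluates them, and report whether TCP 22, 3389 and 5985 are reachable from the Internet and which rule decided it. The rule dictionaries use the field names `az network nsg rule list` returns, but the sample NSG is constructed for the example, and the model is deliberately simplified: only `*`, `Internet`, `0.0.0.0/0` and `::/0` count as Internet sources, application security groups and a second NSG on the subnet are ignored, and the platform's implicit `DenyAllInBound` applies when nothing matches. The sample also shows the case that makes a port-by-port glance misleading: a bastion-only SSH rule that looks safe on its own, silently reopened by a broad allow rule with a higher priority number.

```python
"""Evaluate an Azure NSG's inbound rules for Internet exposure of management ports.

Added example, not code from the Rapid7 post or from Microsoft. Rules are plain
dicts shaped like the JSON that `az network nsg rule list` returns; only the
fields used here are required. The sample NSG below is constructed.
"""

MANAGEMENT_PORTS = {"ssh": 22, "rdp": 3389, "winrm": 5985}

# Source prefixes treated as "reachable from the Internet". Assumption for this
# example: any other prefix (a CIDR, VirtualNetwork, an ASG) is considered internal.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0", "::/0"}


def _port_in_range(port, spec):
    """True if `port` falls inside a port spec such as '22', '1000-2000' or '*'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _listify(rule, plural, singular):
    """NSG rules carry either a single value or a list; normalise to a list."""
    return rule.get(plural) or [rule.get(singular, "*")]


def rule_matches_internet_tcp(rule, port):
    """Would this rule match a TCP packet to `port` arriving from the Internet?"""
    if rule.get("direction", "Inbound").lower() != "inbound":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp"):
        return False
    ports = _listify(rule, "destinationPortRanges", "destinationPortRange")
    if not any(_port_in_range(port, p) for p in ports):
        return False
    sources = _listify(rule, "sourceAddressPrefixes", "sourceAddressPrefix")
    return any(s.lower() in INTERNET_SOURCES for s in sources)


def internet_exposure(rules):
    """Return {service: (exposed, deciding_rule)} for SSH, RDP and WinRM.

    NSG semantics: rules are evaluated lowest priority number first and the
    first match decides; if nothing matches, the platform's default
    DenyAllInBound rule applies.
    """
    ordered = sorted(rules, key=lambda r: r["priority"])
    verdicts = {}
    for service, port in MANAGEMENT_PORTS.items():
        verdict = (False, "DenyAllInBound (default rule)")
        for rule in ordered:
            if rule_matches_internet_tcp(rule, port):
                verdict = (rule["access"].lower() == "allow", rule["name"])
                break
        verdicts[service] = verdict
    return verdicts


# Constructed sample NSG: a bastion-only SSH rule that looks safe on its own, an
# RDP rule open to the world, an explicit WinRM deny, and a catch-all allow that
# silently reopens SSH because it sorts after the bastion rule.
SAMPLE_NSG_RULES = [
    {"name": "AllowSSHFromBastion", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "22"},
    {"name": "AllowAnyRDP", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "DenyWinRMFromInternet", "priority": 300, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["5985", "5986"]},
    {"name": "AllowAllTcpFromInternet", "priority": 400, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "0-65535"},
]

if __name__ == "__main__":
    for service, (exposed, rule) in internet_exposure(SAMPLE_NSG_RULES).items():
        print(f"{service:6} {'EXPOSED' if exposed else 'blocked':8} decided by {rule}")
```

A port reported as exposed only matters if the NIC carries a public IP or sits behind a public load balancer, so pair this with a check for public addresses; conversely, a clean result here says nothing about a second NSG attached to the subnet, which the platform evaluates as well.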
Rapid7 Blog · added 2023/03/14 5:24 p.m. · 17 views

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two

Part two of Confronting Security Fears to Control Cyber Risk was presented live on March 9th for EMEA and will be delivered on March 16th for APAC. The 40-minute session focuses on the importance of developing cybersecurity elasticity. In the session, Jason Hart, Rapid7’s Chief Technology Officer...

Exploits 0

Rapid7 Blog · added 2023/03/14 2:00 p.m. · 16 views

Cloud Security Strategies for Healthcare

How to Stay Secure in the Cloud While Driving Innovation and Discovery: The healthcare industry is undergoing a transformational shift. Health organizations are traditionally entrenched in an on-prem way of life, but the past three years have plunged them into a digital revolution. A heightened...

AI score 6.1 · Exploits 0

Rapid7 Blog · added 2023/03/10 7:00 p.m. · 56 views

Metasploit Weekly Wrap-Up

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...

CVSS 5 · AI score 9.5 · EPSS 0.80274 · Exploits 8

Rapid7 Blog · added 2023/03/09 3:00 p.m. · 13 views

[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon

It’s 2023, and according to Gartner, ESG, and everybody else, the vendor consolidation trend continues. Throwing tools at the problem isn’t working well, and...

AI score 1 · Exploits 0

Rapid7 Blog · added 2023/03/08 3:00 p.m. · 17 views

What Tech Companies Should Look For in Cloud Security

The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range...

AI score 6.7 · Exploits 0

Rapid7 Blog · added 2023/03/07 3:09 p.m. · 30 views

Vulnerability Management vs. Vulnerability Assessment

Evolving networks and evolving threats: When it comes to protecting your cloud or hybrid networks, what you don't know can most certainly hurt your enterprise. Today's NetOps teams are tasked with monitoring the health and performance of both on-premises and cloud applications, as well as software...

AI score 7.2 · Exploits 0

Rapid7 Blog · added 2023/03/03 8:51 p.m. · 102 views

Metasploit Weekly Wrap-Up

2022 Vulnerability Intelligence Report Released: Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help...

AI score 0.3 · EPSS 0.98342 · Exploits 7

Rapid7 Blog · added 2023/03/01 6:00 p.m. · 26 views

New InsightCloudSec Compliance Pack: Key Takeaways From the Azure Security Benchmark V3

Implementing the proper security policies and controls to keep cloud environments, and the applications and sensitive data they host secure, is a daunting task for anyone. It’s even more of a challenge for folks that are just getting started on their journey to the cloud, and for teams that lack...

AI score 6.6 · Exploits 0

Rapid7 Blog · added 2023/03/01 5:46 p.m. · 56 views

Active Exploitation of ZK Framework CVE-2022-36537

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...

AI score 0.2 · EPSS 0.95335 · Exploits 5

Rapid7 Blog · added 2023/02/28 5:00 p.m. · 22 views

Executive Webinar: Confronting Security Fears to Control Cyber Risk

Last week, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, which is available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must...

AI score 0.2 · Exploits 0

Rapid7 Blog · added 2023/02/28 2:00 p.m. · 20 views

A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report

Each year, the research team at Rapid7 analyzes thousands of vulnerabilities in order to identify their root causes, broaden understanding of attacker behavior, and provide actionable intelligence that guides security professionals at critical moments. Our annual Vulnerability Intelligence Report...

AI score 0.3 · Exploits 0

Rapid7 Blog · added 2023/02/24 8:08 p.m. · 50 views

Metasploit Wrap-Up

Basic discovery script improvements: This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update, from community member samsepi0x0, allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

AI score 8.8 · EPSS 0.97653 · Exploits 21

Rapid7 Blog · added 2023/02/22 3:13 p.m. · 23 views

The Next Generation of Managed Detection and Response is Here

Humans are great at adapting to change—but objectively the pace of technological change has been way, way too fast. Security teams manage an average of 76 different tools. Breaches have gone from “s&@!” to “inevitable.” That’s why we built Managed Threat Complete to address the reality of today’s...

Exploits 0

Rapid7 Blog · added 2023/02/17 9:17 p.m. · 107 views

Metasploit Wrap-Up

Cisco RV Series Auth Bypass and Command Injection: Thanks to community contributor neterum, Metasploit Framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass (CVE-2022-20705) and a...

CVSS 7.5 · AI score 0.8 · EPSS 0.86194 · Exploits 8

Rapid7 Blog · added 2023/02/16 5:11 p.m. · 25 views

Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee

President Biden has announced his intent to appoint a group of highly qualified and diverse industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the President’s National Security Telecommunications Advisory Committee (NSTAC). NSTAC’s mission is to provide the best possible...

AI score 1.2 · Exploits 0

Rapid7 Blog · added 2023/02/15 9:24 p.m. · 19 views

CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report

In an ongoing effort to help security organizations stay competitive, we’re pleased to offer this complimentary Gartner® report, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete. The research in the report demonstrates the need for Cloud Infrastructure Entitlement...

AI score 0.6 · Exploits 0

Rapid7 Blog · added 2023/02/15 12:41 a.m. · 140 views

Patch Tuesday - February 2023

It’s Patch Tuesday again. Microsoft is addressing fewer individual vulnerabilities this month than last, but there’s still plenty to keep admins and defenders occupied. Three zero-day vulnerabilities are vying for your attention today: a lone Microsoft Publisher vulnerability as well as a couple...

CVSS 2.9 · AI score 0.7 · EPSS 0.82302 · Exploits 18

Rapid7 Blog · added 2023/02/14 3:00 p.m. · 17 views

A Deep Dive into Reversing CODESYS

Industrial Control System (ICS) networking stacks are often the go-to bogeyman for infosec and cybersecurity professionals, and doubly so for offensive, red-team style security folks. How often have you been new on site, all ready to run a bog-standard nmap scan across the internal address space,...

AI score 7 · Exploits 0

Rapid7 Blog · added 2023/02/13 5:31 p.m. · 15 views

Rapid7 and USF: Building a diverse cybersecurity workforce is not optional

By Raj Samani and Peter Kaes. Today marks an important day for Rapid7, for the state of Florida, and if we may be so bold, for the future of our industry. The announcement of a joint research lab between Rapid7 and the University of South Florida (USF) reaffirms our commitment to driving a deeper...

AI score 7 · Exploits 0

Rapid7 Blog · added 2023/02/10 7:39 p.m. · 96 views

Metasploit Weekly Wrap-Up

Taking a stroll down memory lane: Tomcat init script privilege escalation. Do you remember the issue with the Tomcat init script, originally discovered by Dawid Golunski back in 2016, that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...

CVSS 9 · AI score 0.3 · EPSS 0.99999 · Exploits 48

Rapid7 Blog · added 2023/02/09 6:36 p.m. · 84 views

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...

CVSS 5.8 · AI score 0.7 · EPSS 0.45063 · Exploits 7

Rapid7 Blog · added 2023/02/09 3:59 p.m. · 24 views

Evasion Techniques Uncovered: An Analysis of APT Methods

By Christiaan Beek, with special thanks to Matt Green. DLL search order hijacking is a technique used by attackers to elevate privileges on the compromised system, evade restrictions, and/or establish persistence on the system. The Windows operating system uses a common method to look for required...

AI score 7.6 · Exploits 0
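The detection side of the technique described above, as an added example that is not taken from the Rapid7 post: with SafeDllSearchMode on (the default), Windows resolves an unqualified DLL name by checking the application's own directory first, then the system directories, then the current directory and PATH, so a hijack shows up in telemetry as a well-known system DLL name being loaded from somewhere other than System32 or SysWOW64, most often from the calling executable's own directory. The function below applies that rule to Sysmon Event ID 7 (ImageLoad) records reduced to the `Image`, `ImageLoaded` and `Signed` fields. The baseline list of DLL names and the sample events are constructed for the example; a real baseline would be learned from the fleet's own image-load telemetry.

```python
"""Hunt Sysmon ImageLoad (Event ID 7) records for DLL search-order hijacking.

Added example, not code from the Rapid7 post. Events are dicts holding the three
Sysmon fields used here; the baseline and the sample events are constructed.
"""
import ntpath

# Directories where a system DLL is expected to resolve from.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: DLL names a defender has baselined as normally loading from a
# system directory. None of these are on the KnownDLLs list, so they are
# genuinely subject to the search order. A real baseline is learned from telemetry.
SYSTEM_DLL_BASELINE = {"version.dll", "cryptbase.dll", "dwmapi.dll", "uxtheme.dll", "wlbsctrl.dll"}

# Path fragments that usually mean a standard user could have written the DLL.
WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\programdata\\")


def _split(path):
    """Lower-cased (directory, filename) for a Windows path; works on any host."""
    directory, name = ntpath.split(path)
    return directory.lower().rstrip("\\"), name.lower()


def classify_load(event):
    """Return (severity, reason) for a suspicious load, or None if it looks normal."""
    loaded_dir, loaded_name = _split(event["ImageLoaded"])
    if loaded_name not in SYSTEM_DLL_BASELINE or loaded_dir in SYSTEM_DIRS:
        return None  # either not a DLL we track, or loaded from where it belongs
    image_dir, _ = _split(event["Image"])
    reasons = [f"{loaded_name} loaded from {loaded_dir} instead of a system directory"]
    severity = "medium"
    if loaded_dir == image_dir:
        # The application directory is searched first: the classic hijack placement.
        reasons.append("DLL sits in the calling executable's directory")
    if any(hint in loaded_dir + "\\" for hint in WRITABLE_HINTS):
        reasons.append("directory is typically user-writable")
        severity = "high"
    if event.get("Signed", "").lower() != "true":
        reasons.append("DLL is unsigned")
        severity = "high"
    return severity, "; ".join(reasons)


def hunt(events):
    """Return [(image, loaded_dll, severity, reason)] for every suspicious event."""
    findings = []
    for event in events:
        verdict = classify_load(event)
        if verdict:
            findings.append((event["Image"], event["ImageLoaded"], *verdict))
    return findings


# Constructed sample events (Sysmon Event ID 7, reduced to three fields).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\version.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorcore.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\dwmapi.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for image, dll, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {image} -> {dll}: {reason}")
```

`Signed` is Sysmon's own field, so the rule depends on signature checking being enabled in the Sysmon configuration; without it every tracked DLL outside a system directory scores high. Keep names from the KnownDLLs list out of the baseline: the loader resolves those from the \KnownDlls object directory and they cannot be hijacked by placement, so they would only add noise.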
Rapid7 Blog · added 2023/02/07 8:37 p.m. · 23 views

Year In Review: Rapid7 InsightIDR

You’re in cybersecurity, so we’ll guess: 2022 crashed in with Log4Shell and, for the most part, got more challenging—never less. So, we kept making tangible improvements to InsightIDR, our cloud-native next-gen SIEM and XDR. We worked with some of our most forward-deployed practitioners: Rapid7...

Exploits 0

Rapid7 Blog · added 2023/02/07 7:40 p.m. · 46 views

Rapid7 Recognized on Bloomberg Gender Equality Index, Continues Commitments to Support DEI

For the fifth year in a row, Rapid7 is pleased to share that we've been included in the Bloomberg Gender Equality Index. The Gender Equality Index (GEI) recognizes publicly traded companies for being transparent in their commitment to gender equality. This includes how they score in areas such as...

AI score 7 · Exploits 0

Rapid7 Blog · added 2023/02/07 5:27 p.m. · 123 views

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...

AI score 0.1 · EPSS 0.98342 · Exploits 7

Rapid7 Blog · added 2023/02/07 2:05 p.m. · 36 views

Multiple DMS XSS (CVE-2022-47412 through CVE-2022-47419)

Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System (DMS) offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralizatio...

AI score 0.1 · EPSS 0.00582 · Exploits 8

Rapid7 Blog · added 2023/02/06 4:46 p.m. · 67 views

CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On February 1, 2023, Atlassian published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting its Jira Service Management Server and Data Center...

AI score 2.7 · EPSS 0.15978 · Exploits 0

Rapid7 Blog · added 2023/02/06 3:00 p.m. · 86 views

Ransomware Campaign Compromising VMware ESXi Servers

On February 3, 2023, French web hosting provider OVH and French CERT issued warnings about a ransomware campaign that was targeting VMware ESXi servers worldwide with a new ransomware strain dubbed “ESXiArgs.” The campaign appears to be leveraging CVE-2021-21974, a nearly two-year-old heap overfl...

CVSS 5.8 · AI score 9 · EPSS 0.45063 · Exploits 7

Rapid7 Blog · added 2023/02/03 7:21 p.m. · 53 views

Metasploit Weekly Wrap-Up

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...

AI score 0.2 · EPSS 0.99995 · Exploits 28

Rapid7 Blog · added 2023/02/03 4:18 p.m. · 66 views

Exploitation of GoAnywhere MFT zero-day vulnerability

Emergent threats evolve quickly. As we learn more about this vulnerability, we will update this blog post with relevant information about technical findings, product coverage, and other information that can assist you with assessment and mitigation. On Thursday, February 2, 2023, security reporte...

AI score 0.8 · EPSS 0.99999 · Exploits 12

Rapid7 Blog · added 2023/02/02 7:18 p.m. · 29 views

Troubleshooting InsightAppSec Authentication Issues

For complete visibility into the vulnerabilities in your environment, proper authentication to web apps in InsightAppSec is essential. In this article, we’ll look at issues you might encounter with macro, traffic, and Selenium authentication and how to troubleshoot them. Additionally, you’ll get...

AI score 7.5 · Exploits 0

Total number of security vulnerabilities: 1723