1723 matches found
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday,...
Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three
In the final installment of our webinar “Confronting Security Fears to Control Cyber Risk,” Jason Hart, Rapid7’s Chief Technology Officer, EMEA, discusses how adopting a cyber target operating model can eliminate cybersecurity silos and increase the effectiveness of your cybersecurity program. If...
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software's UniData and UniVerse UniRPC server and related services running on the Linux platform. Rapid7 worked with Rocket Software to fix the issues and coordinate this disclosure. This disclosure will detail a number of differe...
What’s New in InsightIDR: Q1 2023 in Review
InsightIDR received a number of exciting updates in Q1 2023, including faster search, a redesigned UI, updated investigations, support for Insight Network Sensor, Enhanced Endpoint Telemetry, and more. In our effort to empower practitioners to feel confident in their detection and response...
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a...
Metasploit Weekly Wrap-Up
Zxyel Routers Beware This week we've released a module written by first time community contributor shr70 that can exploit roughly 45 different Zyxel router and VPN models. The module exploits a buffer overflow vulnerability that results in unauthenticated remote code execution on affected devices...
Center for Internet Security (CIS) unveils Azure Foundations Benchmark v2.0.0
The Center for Internet Security CIS recently unveiled the latest version of their Azure Foundations Benchmark—Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch...
Reduce Risk and Regain Control with Cloud Risk Complete
Over the last 10 to 15 years, organizations have been migrating to the cloud to take advantage of the speed and scale it enables. During that time, we’ve all had to learn that new cloud infrastructure means new security challenges, and that many legacy tools and processes are unable to keep up wi...
Celebrating Women’s History Month at Rapid7
Each March, we reflect on the historical accomplishments and ongoing need to support women. This, of course, should be embraced all 12 months of the year, but Women’s History Month gives us a special opportunity to learn from, celebrate, and amplify the voices of women. At Rapid7, we’re shining a...
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...
Rapid7 Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...
Practice Operations Manager Looks Back On First Five Months With Rapid7
Elianna Sfez is a Threat Intelligence Practice Operations Manager based in Rapid7’s Tel Aviv office. As she approaches her six month anniversary with the company, we sat down to chat about her new hire journey, initial impressions and experiences in her new role, Rapid7 culture, and more. Tell me...
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...
MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls
As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security measures to protect your organization. One way to do this is ...
Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study
Volume up and not in a good way Security teams must continuously contort their efforts to effectively respond to the growing volume of cyberthreats. These constantly shifting methods in the security operations center SOC can be difficult to manage in the face of emerging external threats—it can b...
Build Security Muscle Memory With Tabletop Exercises
When I was in grade school, I played football. I was scrawny and afraid to go up against anyone bigger than I was essentially everyone. I always hated Oklahoma drills and scrimmages with my team. For quite some time, I avoided “the tunnel” hoping to evade facing the bigger linemen. My coach sat m...
3 Steps for Ramping Up to Fully Automated Remediation
The number one threat to cloud security is misconfiguration of resources, and frankly, it's not hard to understand why. The cloud is getting bigger, more tangled, and flat-out more unmanageable by the day. In modern Amazon Web Services AWS environments, there are typically millions of resources...
Patch Tuesday - March 2023
Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the most interesting of the two zero-day vulnerabilities is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...
Microsoft Defender for Cloud Management Port Exposure Confusion
Prior to March 9, 2023, Microsoft Defender for Cloud incorrectly marked some Azure virtual machines as having secured management ports including SSH port 22/TCP, RDP port 3389/TCP and WINRM port 5985/TCP, when in fact one or more of these ports were exposed to the internet. This occured when the...
Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two
Part two of Confronting Security Fears to Control Cyber Risk was presented live on March 9th for EMEA and will be delivered on March 16th for APAC. The 40-minute session focuses on the importance of developing cybersecurity elasticity. In the session, Jason Hart, Rapid7’s Chief Technology Officer...
Cloud Security Strategies for Healthcare
How to Stay Secure in the Cloud While Driving Innovation and Discovery The healthcare industry is undergoing a transformational shift. Health organizations are traditionally entrenched in an on-prem way of life, but the past three years have plunged them into a digital revolution. A heightened...
Metasploit Weekly Wrap-Up
Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users o...
[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon
!\The Lost Bots\ S03E01: Tech Stack Consolidation and Baconhttps://blog.rapid7.com/content/images/2023/03/The-Lost-Bots-logo-large.png It’s 2023, and according to Gartner, ESG, and everybody else, the vendor consolidation trend continues. Throwing tools at the problem isn’t working well, and...
What Tech Companies Should Look For in Cloud Security
The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range...
Vulnerability Management vs. Vulnerability Assessment
Evolving networks and evolving threats When it comes to protecting your cloud or hybrid networks, what you don't know can most certainly hurt your enterprise. Today's NetOps teams are tasked with monitoring the health and performance of both on-premises and cloud applications, as well as software...
Metasploit Weekly Wrap-Up
2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help...
New InsightCloudSec Compliance Pack: Key Takeaways From the Azure Security Benchmark V3
Implementing the proper security policies and controls to keep cloud environments, and the applications and sensitive data they host secure, is a daunting task for anyone. It’s even more of a challenge for folks that are just getting started on their journey to the cloud, and for teams that lack...
Active Exploitation of ZK Framework CVE-2022-36537
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...
Executive Webinar: Confronting Security Fears to Control Cyber Risk
Last week, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, which is available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must...
A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report
Each year, the research team at Rapid7 analyzes thousands of vulnerabilities in order to identify their root causes, broaden understanding of attacker behavior, and provide actionable intelligence that guides security professionals at critical moments. Our annual Vulnerability Intelligence Report...
Metasploit Wrap-Up
Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...
The Next Generation of Managed Detection and Response is Here
Humans are great at adapting to change—but objectively the pace of technological change has been way, way too fast. Security teams manage an average of 76 different tools. Breaches have gone from “s&@!” to “inevitable.” That’s why we built Managed Threat Complete to address the reality of today’s...
Metasploit Wrap-Up
Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a...
Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee
President Biden has announced his intent to appoint a group of highly qualified and diverse industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the President’s National Security Telecommunications Advisory Committee NSTAC. NSTAC’s mission is to to provide the best possible...
CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report
In an ongoing effort to help security organizations stay competitive, we’re pleased to offer this complimentary Gartner® report, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete. The research in the report demonstrates the need for Cloud Infrastructure Entitlement...
Patch Tuesday - February 2023
It’s Patch Tuesday again. Microsoft is addressing fewer individual vulnerabilities this month than last, but there’s still plenty to keep admins and defenders occupied. Three zero-day vulnerabilities are vying for your attention today: a lone Microsoft Publisher vulnerability as well as a couple...
A Deep Dive into Reversing CODESYS
Industrial Control System ICS networking stacks are often the go-to bogeyman for infosec and cybersecurity professionals, and doubly so for offensive, red-team style security folks. How often have you been new on site, all ready to run a bog-standard nmap scan across the internal address space,...
Rapid7 and USF: Building a diverse cybersecurity workforce is not optional
By Raj Samani and Peter Kaes Today marks an important day for Rapid7, for the state of Florida, and if we may be so bold, for the future of our industry. The announcement of a joint research lab between Rapid7 and the University of South Florida USF reaffirms our commitment to driving a deeper...
Metasploit Weekly Wrap-Up
Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...
Evasion Techniques Uncovered: An Analysis of APT Methods
By Christiaan Beek, with special thanks to Matt Green DLL search order hijacking is a technique used by attackers to elevate privileges on the compromised system, evade restrictions, and/or establish persistence on the system. The Windows operating system uses a common method to look for required...
Year In Review: Rapid7 InsightIDR
You’re in cybersecurity, so we’ll guess: 2022 crashed in with Log4Shell and, for the most part, got more challenging—never less. So, we kept making tangible improvements to InsightIDR, our cloud-native next-gen SIEM and XDR. We worked with some of our most forward-deployed practitioners: Rapid7...
Rapid7 Recognized on Bloomberg Gender Equality Index, Continues Commitments to Support DEI
For the fifth year in a row, Rapid7 is pleased to share that we've been included in the Bloomberg Gender Equality Index. The Gender Equality Index GEI recognizes publicly traded companies for being transparent in their commitment to gender equality. This includes how they score in areas such as...
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System DMS offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralizatio...
CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On February 1, 2023, Atlassian published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting its Jira Service Management Server and Data Center...
Ransomware Campaign Compromising VMware ESXi Servers
On February 3, 2023, French web hosting provider OVH and French CERT issued warnings about a ransomware campaign that was targeting VMware ESXi servers worldwide with a new ransomware strain dubbed “ESXiArgs.” The campaign appears to be leveraging CVE-2021-21974, a nearly two-year-old heap overfl...
Metasploit Weekly Wrap-Up
Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...
Exploitation of GoAnywhere MFT zero-day vulnerability
Emergent threats evolve quickly. As we learn more about this vulnerability, we will update this blog post with relevant information about technical findings, product coverage, and other information that can assist you with assessment and mitigation. On Thursday, February 2, 2023, security reporte...
Troubleshooting InsightAppSec Authentication Issues
For complete visibility into the vulnerabilities in your environment, proper authentication to web apps in InsightAppSec is essential. In this article, we’ll look at issues you might encounter with macro, traffic, and selenium authentication and how to troubleshoot them. Additionally, you’ll get...