XDR, the Beatles, and Blunt Instruments
Sometimes tools are blunt because there’s nothing else. Regarding economic controls for example, Fed Chair Jerome Powell said: “We have essentially interest rates, the balance sheet and forward guidance. They are famously blunt tools, they are not capable of surgical precision." Others are blunt...
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...
A Customer Success Manager’s Journey to Cybersecurity
Originally planning to pursue a career in sports journalism, Blake Walters joined Rapid7 ready to roll up his sleeves and learn about an entirely new field—cybersecurity. Walters always had an interest in computer engineering. However, he craved the ability to connect with people and build...
Rapid7 Observes Use of Microsoft OneNote to Spread Redline Infostealer Malware
Author: Thomas Elkins. Contributors: Matt Green, James Dunne, and Hernan Diaz. Rapid7 routinely conducts research into the wide range of techniques that threat actors use to conduct malicious activity. One objective of this research is to discover new techniques being used in the wild, so we can...
Year in Review: Rapid7 Threat Intelligence
In an evolving threat landscape, non-stop alerts and more IOC feeds don’t guarantee better protection. Security teams are overwhelmed and struggle to identify relevant threat information. Thankfully, Threat Command delivers highly contextual alerts and integration across your environment to help...
Metasploit Framework 6.3 Released
The Metasploit team is pleased to announce the release of Metasploit Framework 6.3, which adds native support for Kerberos authentication, incorporates new modules to conduct a wide range of Active Directory attacks, and simplifies complex workflows to support faster and more intuitive security...
Metasploit Weekly Wrap-Up
Cacti Unauthenticated Command Injection. Thanks to community contributor Erik Wynter, Metasploit Framework now has an exploit module for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a `proc_open` call that accepts unsanitized...
The High Cost of Human Error In OT Systems
In baseball, a mistake made by a player that could have easily been avoided is sometimes called an “unforced error.” An unforced error is not an official error; that is, they are not reflected in statistics. However, they can result in additional runs being scored, runners getting on base, and eve...
3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response: Gartner® Report
In an ongoing effort to help security organizations gain greater visibility into risk, we’re pleased to offer this complimentary Gartner® report, 3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response. This insightful research can help a security organization reali...
Rapid7 Added to Carahsoft GSA Schedule Contract
We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners. “With the ever-evolving threat landscape, it is...
Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint
We are happy to announce that Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating States, Local...
Metasploit Weekly Wrap-Up
See something, say something. Have an idea on how to expand on Metasploit Documentation on ? Did you see a typo or some other error on the docs site? Thanks to adfoster-r7, submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to...
Exploitation of Control Web Panel CVE-2022-44877
On January 3, 2023, security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in Control Web Panel (CWP, formerly known as CentOS Web Panel) that had been fixed in an October 2022 release of CWP. The vulnerability...
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability impacting at least 24 on-premi...
Trading Convenience for Credentials
Tap. Eat. Repeat. Regret? Using food or grocery delivery apps is great. It really is. Sure, there’s a fee, but when you can’t bring yourself to leave the house, it’s a nice treat to get what you want delivered. As a result, adoption of food apps has been incredibly fast and they are now a...
What’s New in InsightIDR: Q4 2022 in Review
As we continue to empower security teams with the freedom to focus on what matters most, Q4 focused on investments and releases that contributed to that vision. With InsightIDR, Rapid7’s cloud-native SIEM and XDR solution, teams have the scale, comprehensive contextual coverage, and expertly vett...
Gartner® Report: Questions to Ask When Selecting an MDR Provider
Measuring against the right criteria. The “right” criteria is whatever works to further your security organization’s specific needs in detection and response (D&R). There’s only so much budget to go around—and successfully obtaining a significant year-over-year increase can be rare. The last thing...
Metasploit Weekly Wrap-Up
New module content (2). Gather Dbeaver Passwords. Author: Kali-Team. Type: Post. Pull request: 17337 contributed by cn-kali-team. Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...
Dated, Vulnerable, Insecure Tech Is All Over the News. Hooray.
Save the links. Pass them around. And consider getting your copy of the new 2023 XDR Buyer’s Guide—because if this isn’t a time for reckoning and progress, what is? The news: on Wednesday, the United States grounded all flights coast-to-coast for the first time since 9/11. The Federal Aviation...
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...
Increasing The Sting of HIVE Ransomware
How malicious actors evade detection and disable defenses for more destructive HIVE Ransomware attacks. Rapid7 routinely conducts research into the wide range of techniques that threat actors use to conduct malicious activity. One objective of this research is to discover new techniques being use...
Ditch The Duct Tape: Reduce Security Sprawl With XDR
The New Year’s Day edition of The Wall Street Journal asked a big question in a big headline: “Can Southwest Airlines Buy Back Its Customers’ Love?” While other airlines rebounded from extreme winter weather and service disruptions, Southwest—always top-rated, with a famously loyal following—melt...
Patch Tuesday - January 2023
Microsoft is starting the new year with a bang! Today’s Patch Tuesday release addresses almost 100 CVEs. After a relatively mild holiday season, defenders and admins now have a wide range of exciting new vulnerabilities to consider. Two zero-day vulnerabilities emerged today, both affecting a wid...
Year in Review: Rapid7 Vulnerability Management
2022 began on a solemn note — many organizations across the globe were recovering from the Log4Shell zero-day vulnerability. For the InsightVM and Nexpose team, 2022 began with a lot of introspection on how we can add more value and keep meeting our customer needs in the best possible ways. This...
Metasploit Weekly Wrap-Up
Back from a quiet holiday season. Thankfully, it was a relatively quiet holiday break for security this year, so we hope everyone had a relaxing time while they could. This wrapup covers the last three Metasploit releases, and contains three new modules, two updates, and five bug fixes. Make sure...
Year in Review: Rapid7 Cybersecurity Research
Welcome to 2023, a year that sounds so futuristic it is hard to believe it is real. But real it is, and make no mistake, threat actors are still out there, working hard to get into networks the world over. So, at the start of the new year, I am reminded of two particular phrases: Those who do not...
Rapid7 Announces Global Days Off to Support Employees in 2023
On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023. Global Days Off are designed to encourage teams around the world to unplug and rest, enabling them to bring their best selves back to work...
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we...
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
Is there a defined ecosystem, similar to what we encountered with the Internet of Things (IoT), that can be charted out as it relates to smart city technology and its security implications? While evaluating IoT I struggled with defining what IoT is. I found that there were varying definitions out...
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
As 2023 comes hurtling towards us like some kind of maniacal arctic train full of disturbingly realistic AI-generated people, I wanted to take a moment on the blog here to announce that we here at Rapid7, Inc. have refreshed our coordinated vulnerability disclosure (CVD) policy and philosophy. If y...
The 2022 Naughty and Nice List
It's the holiday season when children all over the world cross their fingers in the hope that they don't end up on a certain red-clad big man's naughty list. Turns out, we at Rapid7 have a similar tradition, only we're the ones making the list and there's a whole lotta naughty going on not like...
Hallmark Channel: Securing the Season
How Crown Media protects its crown jewel. It’s that time of year again…chestnuts roasting on an open fire, kids making wish-lists, and company holiday parties where you can showcase your most outlandish ugly sweater. It’s also the time of year we all get a little bit less cynical and take in a...
Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix
In a recent blog post, we highlighted the release of an InsightCloudSec compliance pack that helps organizations establish and adhere to AWS Foundational Security Best Practices. While that’s a great pack for those who have standardized on AWS and are looking for a trusted set of controls to...
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike...
Never Mind the Ears, Here's Security Nation
It's another year down and another season down for Security Nation. With the close of our fifth season, I wanted to take a minute here to reflect on who we spoke with and what we talked about. The show titles focus as you would expect on the individual interview subjects, but there's a bunch of...
Cengage LTI Session Management Leakage
Prior to December 10, 2022, Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline. The first issue involves leaving unexpectedl...
ICYMI: 10 Cybersecurity Acronyms You Should Know in 2023
Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. From CVE to FTP, we in IT love our abbreviations, FR FR. Truthfully though, it can be a bit much, and even the nerdiest among us miss a few. So, In Case You Missed It, here are 10 cybersecurity acronyms you...
[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us
As the year winds down, Jeffrey Gardner, Detection and Response Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor, collected predictions th...
Metasploit Weekly Wrap-Up
A sack full of cheer from the Hacking Elves of Metasploit. It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...
Spoiler Alert: Your Favorite Content Might Not Be Secure
Securing intellectual property in the age of consolidation. Rapid7, of course, is not in the entertainment industry. However, we have worked with some clients out there in that golden land of dreams and enchantment—also known as Hollywood. Case in point: the company formerly known as Discovery, In...
Cloud Audit: Compliance + Automation
Setting your own standard. Today’s regulatory environment is incredibly fractured and extensive. Depending on the industry—and the part of the world your business and/or security organization resides in—you may be subject to several regulatory compliance standards. Adding to the complexity, there ...
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution...
Patch Tuesday - December 2022
As far as Patch Tuesdays go, defenders have a relatively light month to close out the year with only 48 CVEs being published by Microsoft today. This does not include the 24 previously disclosed vulnerabilities affecting their Chromium-based Edge browser. There are two zero-days in the mix today...
Tis the Season to Be Wary: Three Holiday Shopping Scams To Watch For
Chestnuts roasting on an open fire, scammers nipping at your bank account… that might not be the carol you were expecting, but unfortunately it’s the frosty truth. Most everyone has tons of shopping to do in preparation for holidays, whether they’re buying gifts, decorations, or tickets to visit...
CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On December 12, 2022, FortiGuard Labs published advisory FG-IR-22-398 regarding a critical (CVSSv3 9.3) “heap-based buffer overflow vulnerability (CWE-122) in FortiOS SSL-VPN which may all...
Rapid7 Recognized as a Top Place to Work for 11th Consecutive Year
On November 30th, 2022, Rapid7 was again recognized by The Boston Globe as a Top Place to Work in Massachusetts. This marks the 11th consecutive year Rapid7 has made the list, this time coming in at #3 in the large company category. Top Places to Work rankings are based on a Globe survey that...
Metasploit Wrap-Up
Login brute-force utility. Jan Rude added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module. Cydave, destr4ct, and jheysel-r7...
AWS Graviton Processor Support on Insight Agent
By Marco Botros. Marco is a Technical Product Manager for Platform at Rapid7. We are pleased to announce that the Insight Agent now supports the AWS Graviton processor. The Insight Agent supports various operating systems using the AWS Graviton processor, including Amazon Linux, Redhat, and Ubuntu...
2023 Cybersecurity Industry Predictions
With 2022 rapidly coming to a close, this is the time of year where it makes sense to take a step back and look at the year in cybersecurity, and make a few critical predictions for what the industry could face in the year ahead. In order to give the security community some insight into where we’...
About Anomalous Data Transfer detection in InsightIDR
By Shivangi Pandey. Shivangi is a Senior Product Manager for D&R at Rapid7. Data exfiltration is an unauthorized movement or transfer of data occurring on an organization’s network. This can occur when a malicious actor gains access to a corporation’s network with the intention of stealing or...