1723 matches found

Rapid7 Blog
added 2022/12/07 7:8 p.m. | 45 views

CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)

On November 14, 2022, Rapid7's product engineering team discovered that the mechanism in Nexpose and InsightVM used to validate the source of an update file was unreliable. This failure, which involved the internal cryptographic validation of received updates, was designated as CVE-2022-4261, and...

0.5 AI score | 0.00308 EPSS
Exploits: 1

Rapid7 Blog
added 2022/12/06 6:5 p.m. | 25 views

ISO 27001 Certification: What it is and why it matters

Did you know that Rapid7 information security management system (ISMS) is ISO 27001 certified? This certification validates that our security strategy and processes meet very high standards. It underscores our commitment to corporate and customer data security. What is ISO 27001? ISO 27001 is an...

0.5 AI score
Exploits: 0

Rapid7 Blog
added 2022/12/06 3:45 p.m. | 11 views

Get your head in the cloud(s)

Many organizations are in the midst of adopting the cloud faster than ever before; it’s arguably mission critical for their success and longevity. Just look at initiatives like digital transformation or even the digital twin which aims to bridge the gap between the physical and the digital by...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/12/02 9:45 p.m. | 14 views

Leaked Android Platform Certificates Create Risks for Users

On November 30, 2022, a Google APVI report from Łukasz Siewierski, initially filed on November 11, 2022, was made public. The report contained 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate — the application signi...

1.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/12/02 9:0 p.m. | 82 views

Metasploit Weekly Wrap-Up

ProxyNotShell: This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell, by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a...

0.6 AI score | 0.99964 EPSS
Exploits: 11

Rapid7 Blog
added 2022/12/02 3:0 p.m. | 18 views

Velociraptor Version 0.6.7: Better Offline Collection, Encryption, and an Improved NTFS Parser Dig Deeper Than Ever

By Mike Cohen and Carlos Canto. Rapid7 is excited to announce the release of version 0.6.7 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for...

6.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/12/01 4:0 p.m. | 17 views

Powerlifting in the Cybersecurity Skills Gap

All the reasons: Is there too much to do with too little talent? If your SOC hasn’t been running smoothly in a while, there’s likely multiple reasons why. As a popular slang phrase goes these days, it’s because of “all the reasons.” Budget, talent churn, addressing alerts all over the place; you...

Exploits: 0

Rapid7 Blog
added 2022/12/01 3:0 p.m. | 15 views

Can Cloud Security Be Easier Than Complex?

A bigger piece of the meal: For those in the United States and certain parts of the world, it’s time for end-of-year holidays. That means lots and lots of big meals to celebrate these special occasions. Each dish created becomes part of that larger meal. Another important event that occurs around...

Exploits: 0

Rapid7 Blog
added 2022/11/30 2:2 p.m. | 18 views

Rapid7 Integration For AWS Verified Access

Today at re:Invent, Amazon Web Services (AWS) unveiled its new AWS Verified Access service, and we are thrilled to announce that InsightIDR — Rapid7’s next-gen SIEM and XDR — will support log ingestion from this new service when it is made generally available. What Is AWS Verified Access? AWS...

1.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/29 8:24 p.m. | 17 views

InsightIDR Launches Integration With New AWS Security Data Lake Service

It has been an action-packed day at AWS re:Invent. For security professionals, one of the most exciting announcements has to be the launch of Amazon Security Lake. We see a lot of potential for this new service, which is why Rapid7 is proud to announce the immediate availability of an integration...

2.5 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/29 4:0 p.m. | 13 views

Unifying Threat Findings to Elevate Your Runtime Cloud Security

The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. However, the speed of those changes, combined with the drastically increased volume and complexity of resources in cloud environment...

0.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/28 6:37 p.m. | 12 views

Reducing Risk In The Cloud with Agentless Vulnerability Management

In order to gain visibility into vulnerabilities in their public cloud environments, many organizations still rely on agent or network-based scanning technology that was initially built for traditional infrastructure and endpoints. These methods often struggle to keep up with the speed of change...

7.6 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/25 5:14 p.m. | 127 views

Metasploit Weekly Wrap-Up

F5 Big-IP: This week’s Metasploit release contains 2 new modules released as part of the Rapid7 F5 BIG-IP and iControl REST Vulnerabilities research article. These discoveries were made by our very own Ron Bowes, who developed an exploit module for authenticated RCE against F5 devices running in...

0.3 AI score | 0.87987 EPSS
Exploits: 14

Rapid7 Blog
added 2022/11/22 6:45 p.m. | 8 views

Aligning to AWS Foundational Security Best Practices With InsightCloudSec

Written by Ryan Blanchard and James Alaniz. When an organization is moving their IT infrastructure to the cloud or expanding with net-new investment, one of the hardest tasks for the security team is to identify and establish the proper security policies and controls to keep their cloud environmen...

7.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/22 2:48 p.m. | 15 views

Search Made Easy: InsightIDR’s Secret Weapon for Efficiency and Efficacy

By Matt Heidet. Matt is a Senior Information Security Engineer at a Regional Financial Institution. He is a Customer and Guest Blogger for Rapid7. Have you ever groaned when divvying up incidents from a pen-test amongst an overworked team? Or maybe you’ve struggled to present how you adhere to...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/18 9:49 p.m. | 84 views

Metasploit Weekly Wrap-Up

Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream (CVE-2021-39144): There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...

6 CVSS | 1.1 AI score | 0.9851 EPSS
Exploits: 14

Rapid7 Blog
added 2022/11/17 4:59 p.m. | 19 views

Better Cloud Security Shouldn’t Require Bigger Budgets

Stretching what you’re given: How can you do more when you’re constantly being given the same or less? When security budgets don’t match the pace of the cloud operations they’re tasked with securing, the only thing to do is become an expert in the stretch. It’s hard, and you might currently be und...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/17 3:56 p.m. | 19 views

Rapid7 and HashiCorp Partner to Secure Terraform-based Cloud Infrastructure Deployments

Welcome to the latest installment in our cloud security “shift-left” blog series. In our last post, we covered the importance of integrating cloud infrastructure security assessments into DevOps tools and enabling Infrastructure as Code (IaC) developers. This time, we’re focusing on Rapid7’s recent...

Exploits: 0

Rapid7 Blog
added 2022/11/16 3:48 p.m. | 12 views

Rapid7 Takes Home 2 Awards and a Highly Commended Recognition at the 2022 Belfast Telegraph IT Awards

Rapid7 was honored at the Belfast Telegraph's annual IT Awards, Friday, taking home a pair of awards including the coveted “Best Place to Work in IT” in the large company category award, and the “Cyber Security Project of the Year” award, for groundbreaking machine learning research in applicatio...

Exploits: 0

Rapid7 Blog
added 2022/11/16 3:0 p.m. | 114 views

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS detailed in F5's Base Operating Systems support article. The affected products are detailed in the vendor advisories below: CVE-2022-41622: BIG-IP and BIG-IQ are...

10 AI score | 0.87987 EPSS
Exploits: 9

Rapid7 Blog
added 2022/11/15 6:0 p.m. | 18 views

How to Develop a SOAR Workflow to Automate a Critical Daily Task

As the senior information security engineer at Brooks, an international running shoe and apparel company, I can appreciate the challenge of launching a security orchestration, automation, and response (SOAR) tool for the first time as well as investing your time and budget into making a new securit...

6.9 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/15 3:37 p.m. | 176 views

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, announcing fixes for three vulnerabilities: CVE-2022-27510, “Unauthorized access to Gateway user capabilities”; CVE-2022-27513, “Remote desktop takeover via...

1.9 AI score | 0.01231 EPSS
Exploits: 1

Rapid7 Blog
added 2022/11/14 3:54 p.m. | 17 views

GraphQL Security: The Next Evolution in API Protection

GraphQL is an open-source data query and manipulation language that can be used to build application program interfaces (APIs). Since its initial inception by Facebook in 2012 and subsequent release in 2015, GraphQL has grown steadily in popularity. Some estimate that by 2025, more than 50% of...

0.5 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/11 9:16 p.m. | 46 views

Metasploit Weekly Wrap-Up

ADCS - ESC Vulnerable certificate template finder: Our very own Grant Willcox has developed a new module which allows users to query an LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module will print the detected certificate details, and the attac...

7.7 AI score | 0.02846 EPSS
Exploits: 0

Rapid7 Blog
added 2022/11/11 1:41 p.m. | 50 views

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

As stated in our OpenSSL Buffer Overflow blog post, the CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate. CVE-2022-3786 can overflow an arbitrary number of bytes on the stack with the “.” character a...

3.7 AI score | 0.91153 EPSS
Exploits: 6

Rapid7 Blog
added 2022/11/10 5:30 p.m. | 16 views

Culture Fitness

Have you checked in on the overall health of your team lately? What would a new hire think of your current team? Companies all over the world – particularly those of the higher-profile variety – tout their positive cultures and how great it is to be part of the team. This is especially true in th...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/10 2:30 p.m. | 12 views

Cloud Security: Buyer Be Critical

Tailoring solutions to challenges: It takes a toolbox with different, well, tools to secure an ever-expanding operational perimeter in the cloud. Think about what’s under the general daily purview of cloud security teams: preventing misconfigurations, taming threats and vulnerabilities, and so muc...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/09 4:0 p.m. | 10 views

New Research: Optimizing DAST Vulnerability Triage with Deep Learning

On November 11th 2022, Rapid7 will for the first time publish and present state-of-the-art machine learning (ML) research at AISec, the leading venue for AI/ML cybersecurity innovations. Led by Dr. Stuart Millar, Senior Data Scientist, Rapid7's multi-disciplinary ML group has designed a novel deep...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/09 2:23 p.m. | 20 views

New MITRE Engenuity ATT&CK® Evaluation: Rapid7 MDR Excels

Every Managed Services organization claims they have the expertise and technology to effectively detect and respond to threats. But can they prove it? Assessing these services and how they’d perform in a real-world scenario just got easier with results from the first ever MITRE ATT&CK Evaluations...

Exploits: 0

Rapid7 Blog
added 2022/11/08 8:2 p.m. | 166 views

Patch Tuesday - November 2022

It’s a relatively light Patch Tuesday this month by the numbers – Microsoft has only published 67 new CVEs, most of which affect their flagship Windows operating system. However, four of these are zero-days, having been observed as exploited in the wild. The big news is that two older zero-day CV...

0.8 AI score | 0.99964 EPSS
Exploits: 25

Rapid7 Blog
added 2022/11/08 7:7 p.m. | 22 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory, how to extract file system data from the device, and how to modify the data we've extracted. In this post, we'll cover how to gain root access...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/04 7:14 p.m. | 56 views

Metasploit Weekly Wrap-Up

C is for cookie. And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...

10 CVSS | 8.2 AI score | 0.99618 EPSS
Exploits: 36

Rapid7 Blog
added 2022/11/04 1:0 p.m. | 240 views

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

As stated in our Apache Commons Text blog post, CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input, and affects versions 1.5 through 1.9. This vulnerability has been patched as of Commons Text version 1.10...

1 AI score | 0.99931 EPSS
Exploits: 41

Rapid7 Blog
added 2022/11/03 1:8 p.m. | 27 views

Go Inside Rapid7 MDR: Timelines and Tick Tocks

They say by 2025, half of all businesses will turn to a managed detection and response (MDR) service. Breaches are called “inevitable” now. And even with a blank check, most companies couldn’t hire their way to tight security: the expertise just isn’t out there. In this new eBook you’ll find real...

0.6 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/02 3:6 p.m. | 18 views

Common questions when evolving your VM program

Authored by Natalie Hurd. Perhaps your organization is in the beginning stages of planning a digital transformation, and it’s time to start considering how the security team will adapt. Or maybe your digital transformation is well underway, and the security team is struggling to keep up with the...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/01 7:25 p.m. | 27 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory and how to extract file system data from the device. In this post, we'll cover how to modify the data we've extracted. Modify extracted file...

0.4 AI score
Exploits: 0

Rapid7 Blog
added 2022/11/01 4:38 p.m. | 1731 views

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

The Rapid7 research team will update this blog post as we learn more details about this vulnerability and its attack surface area. The OpenSSL project released version 3.0.7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602, two high-severity vulnerabilities affecting OpenSSL’s 3.0....

0.4 AI score | 0.91153 EPSS
Exploits: 6

Rapid7 Blog
added 2022/10/31 2:46 p.m. | 25 views

7 Rapid Questions with Toshio Honda, Sr. Security Solutions Engineer

Toshio Honda, Sr. Security Solutions Engineer. You have been with Rapid7 for 4 years now, what originally attracted you to work here? I worked for a cybersecurity company who is a leader for the “Prevention” area prior to joining Rapid7, and I was looking for the next opportunity based on 3...

Exploits: 0

Rapid7 Blog
added 2022/10/28 5:45 p.m. | 41 views

Metasploit Weekly Wrap-UP

GLPI htmLawed PHP Command Injection: Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...

9.9 AI score | 0.99628 EPSS
Exploits: 13

Rapid7 Blog
added 2022/10/27 6:55 p.m. | 27 views

From Churn to Cherry on Top: How to Foster Talent in a Cybersecurity Skills Gap

The mythical unicorn pipeline: When it comes to building a cybersecurity talent pipeline that feeds directly into your company, there’s one go-to source for individuals who are perfectly credentialed, know 100% of all the latest technology, and will be a perfect culture-fit: Imaginationland. Of...

6.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/10/27 3:22 p.m. | 155 views

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation NSX-V solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8. The vulnerability arises from a deserialization...

6 CVSS | 2.2 AI score | 0.9851 EPSS
Exploits: 6

Rapid7 Blog
added 2022/10/26 6:5 p.m. | 44 views

[Security Nation] Jeremi Gosney on the Psychology of Password Hygiene

In this episode of Security Nation, Jen and Tod talk to renowned password security expert Jeremi Gosney about how we are all guilty of bad password...

7.5 CVSS | 9.4 AI score | 0.92144 EPSS
Exploits: 13

Rapid7 Blog
added 2022/10/25 5:40 p.m. | 34 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data: The next step in our hands-on IoT hacking...

7.3 AI score
Exploits: 0

Rapid7 Blog
added 2022/10/24 3:19 p.m. | 15 views

Adapting existing VM programs to regain control

Stop me if you’ve heard this before. The scale, speed and complexity of cloud environments — particularly when you introduce containers and microservices — has made the lives of security professionals immensely harder. While it may seem trite, the reason we keep hearing this refrain is because,...

Exploits: 0

Rapid7 Blog
added 2022/10/21 5:31 p.m. | 152 views

Metasploit Weekly Wrap-Up

Zimbra with Postfix LPE (CVE-2022-3569): This week rbowes added an LPE exploit for Zimbra with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can run postfix as root which in turn is capable of executing arbitrary shellscripts. This can be abused for reliable privilege...

7.5 CVSS | 0.6 AI score | 0.99998 EPSS
Exploits: 47

Rapid7 Blog
added 2022/10/20 1:0 p.m. | 12 views

New Research: We’re Still Terrible at Passwords; Making it Easy for Attackers

Passwords, amirite? We all have them. Probably a lot of them. And they are among the most important lines of defense against nefarious attackers seeking access to our online accounts. Sadly, as we all know too well, password health isn’t exactly our collective strong suit and too often we hear...

0.5 AI score
Exploits: 0

Rapid7 Blog
added 2022/10/19 2:42 p.m. | 12 views

[The Lost Bots] S02E05: The real magic in the Magic Quadrant

In this episode, we discuss the best use of market research reports, like Magic Quadrants and Waves. If you're in the market for a new cybersecurity solution, d...

0.4 AI score
Exploits: 0

Rapid7 Blog
added 2022/10/18 4:0 p.m. | 22 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1

Rapid7 was back this year at DEF CON 30 participating at the IoT Village with another hands-on hardware hacking exercise, with the goal of teaching attendees various concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics,...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2022/10/18 1:30 p.m. | 83 views

FLEXlm and Citrix ADM Denial of Service Vulnerability

Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory for CVE-2022-27511 and CVE-2022-27512, which affect Citrix ADM (Application Delivery Management). Rapid7 investigated...

7.8 CVSS | 0.12048 EPSS
Exploits: 0

Rapid7 Blog
added 2022/10/18 1:30 p.m. | 20 views

Emerging best practices for securing cloud-native environments

Globally, IT experts recognise security as the most significant barrier to cloud adoption, in part because many of the ways of securing traditional IT environments are not always applicable to cloud-native infrastructure. As a result, security teams may find themselves behind the curve and...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 1723