CVE-2022-42889: Keep Calm and Stop Saying "4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions JDK 15+ were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so...
Addressing the Evolving Attack Surface Part 1: Modern Challenges
Lately, we’ve been hearing a lot from our customers requesting help on how to manage their evolving attack surface. As new 0days appear, new applications are spun up, and cloud instances change hourly, it can be hard for our customers to get a full view of risk into their environments. We put...
Metasploit Wrap-Up
Spring Cloud Gateway RCE This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway (CVE-2022-22947) has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...
Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Authored by Sanjeev Williams and Ryan Blanchard Today almost all cloud users, roles, and identities are overly permissive. This leads to repeated headlines and forensic reports of attackers leveraging weak identity postures to gain a foothold, and then moving laterally within an organization's...
A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR
To be great at something, you have to be a little obsessed. That's true whether you want to be a chess grandmaster, become an internationally recognized CEO, or build the best cybersecurity platform on the planet. At Rapid7, our laser-focus has always been trained on one thing: helping digital...
The Intelligent Listing: Cybersecurity Job Descriptions That Deliver
Modern job descriptions have quite the reputation for causing reactionary eye-rolling. Why? Because what used to be a couple of paragraphs – about requirements and experience for performing a cybersecurity analyst job – is actually now filled with a laundry list of criteria that make candidates...
We're Challenging Convention. Rapid7 Recognized in the 2022 Gartner® Magic Quadrant™ for SIEM.
As the attack surface sprawls, under-resourced security teams have inherent disadvantages. Rapid7 InsightIDR enables resource constrained security teams to achieve sophisticated detection and response, with greater efficiency and efficacy. As a Challenger in the 2022 Gartner Magic Quadrant for...
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...
Real-Time Risk Mitigation in Google Cloud Platform
With Google Cloud Next happening this week, there’s been some recent water cooler talk - okay, informal, ad hoc Zoom calls - with discussions about what makes Google Cloud Platform (GCP) unique when it comes to security. A few specific differences have popped up here and there: default data...
Patch Tuesday - October 2022
The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser. Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities...
Metasploit Weekly Wrap-Up
Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt...
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On October 3, 2022, Fortinet released a software update that indicates then-current versions of their FortiOS firewall and FortiProxy web proxy software are vulnerable to CVE-2022-4068...
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
Note: Zimbra release 9.0.0 P27 addressed this vulnerability on October 10, 2022. CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation. The vulnerability is due to the method cpio in which Zimbra’s...
What's New in InsightIDR: Q3 2022 in Review
This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization. 360-degree XDR and attack surface coverage with Rapid7 The Rapid7 XDR suite — flagship InsightIDR, alongside InsightConnect SOAR, and Thre...
Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before
Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. After several months of development and testing, we are excited to share its powerfu...
Metasploit Weekly Wrap-Up
Veritas Backup Exec Agent RCE This module, kindly provided by c0rs, targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878), which only makes it more impressive...
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On Thursday, September 29, a Vietnamese security firm called GTSC published information and IOCs on what they claimed was a pair of unpatched Microsoft Exchange Server vulnerabilities being used in attacks on their customers’ environments dating back to early August 2022. The impact of...
[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting
Welcome back to The Lost Bots! In this episode, we dive into one of our favorite topics: threat hunting. It's a subject we've talked about before, but...
The Empty SOC Shop: Where Has All the Talent Gone?
Anyone involved in hiring security analysts in the last few years is likely painfully aware of the cybersecurity skills shortage – but the talent hasn’t “gone anywhere” so much as it’s been bouncing around all over the place, looking for the highest bidder and most impactful work environment...
[Security Nation] Taki Uchiyama of Panasonic on Product Security and Incident Response
In this episode of Security Nation, Jen and Tod chat with Taki Uchiyama about his work on Panasonic’s Product Security Incident Response...
What’s New in InsightVM and Nexpose: Q3 2022 in Review
Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...
How to Deploy a SIEM That Actually Works
I deployed my SIEM in days, not months – here’s how you can too As an IT administrator at a highly digitized manufacturing company, I spent many sleepless nights with no visibility into the activity and security of our environment before deploying a security information and event management (SIEM)...
Metasploit Weekly Wrap-Up
Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member...
One Year After IntSights Acquisition, Threat Intel’s Value Is Clear
Rapid7 Strengthens Market Position With 360-Degree XDR and Best-in-Class Threat Intelligence Offerings Time flies… and provides opportunities to establish proof points. After recently passing the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings t...
Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity
As we get closer to closing out 2022, the talk in the market continues to swirl around extended detection and response (XDR) solutions. What are they? What are the benefits? Should my team adopt XDR, and if yes, how do we evaluate vendors to determine the best approach? While there continue to be...
How to Accelerate Your SOAR Program to Full Speed in Less Than a Year
Every new technology comes with a learning curve specific to your organization. First you learn the basics, then you accelerate. Rapid7’s offerings are no different. As a Senior Information Security Engineer at Brooks, I have firsthand experience with this process. I oversaw the implementation of...
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804. The advisory reveals a command injection vulnerability in multiple API endpoints, which allows an attacker with access to a public repository or with read permissions to a...
Metasploit Weekly Wrap-Up
BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced...
[Security Nation] Chris Levendis and Lisa Olson on Cloud CVEs
In this episode of Security Nation, Jen and Tod chat with Chris Levendis of MITRE and Lisa Olson of Microsoft about assigning CVE IDs for vulnerabilities affecting...
The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading
The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings around cyberthreats, attacks, and best practices to defend against them are as critical for security teams as they've ever been. If you're unfamiliar with the SysAdmin, Audit, Network, a...
Patch Tuesday - September 2022
This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft including 16 CVEs affecting Chromium, used by their Edge browser, that were already available. One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File Syst...
How a Principal Engineer Made His Journey to Cloud Security With Rapid7
The first programming language I learned in my childhood was Pascal. I was 12 years old at the time, and I quickly developed a passion for technology. From a young age, I always knew I wanted to learn engineering and computer science. I wanted to solve big design and architecture problems while...
Grey Time: The Hidden Cost of Incident Response
The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming. To see that in action, let’s look at a hypothetical scenario that should feel familiar to most cybersecurity analysts. An everyday story A security engineer, Casey, is tuning a SIEM...
InsightVM: Best Practices to Improve Your Console
Over the years, our recommendations and best practices for the InsightVM console have changed with the improvements and updates we’ve made to the system. Here are some of the most common improvements to help you get the most out of your InsightVM console in 2022. Ensure everything is up to date T...
Metasploit Weekly Wrap-Up
Authenticated command injection vulnerability of Cisco ASA-X with FirePOWER Services: jbaines-r7 added a new module that exploits an authenticated command injection vulnerability (CVE-2022-20828) of Cisco ASA-X with FirePOWER Services. This vulnerability affects all Cisco ASA appliances that suppor...
Integrating Cloud Security With DevOps and CI/CD Tools
This is the latest post in our blog series on shifting left in cloud security. In our last post, we kicked off the series with a high-level overview about Rapid7’s approach to shifting cloud security into the application development lifecycle. For this post, we’ll dive into a key aspect of our...
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)
Rapid7, Inc. Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare. The affected products are: SIGMA Spectrum Infusion Pump Firmware Version 8.00.01 SIGMA Wi-Fi Battery Firmware Versions 16, 17, 20 D29 Rapid7 initially reported these issues to Baxte...
VeloCON 2022: Digging Deeper Together!
September 15, 2022 | Live at 9 am EDT | Virtual and Free Join the open-source digital forensics and incident response (DFIR) community for a day-long, virtual summit as we DIG DEEPER TOGETHER! Have you ever wanted to share your passion and interest in Velociraptor with the rest of the community?...
3 Ways to Improve Data Protection in the Cloud
Cloud complexity is now a well-documented and widely felt phenomenon across technology teams — IT, development, and security alike. Multi-cloud architectures have become the norm, with 89% of organizations embracing a strategy that involves multiple cloud vendors. Not only are companies managing...
5 Things Rapid7 Looks for in a BDR, and How We Spot Them
Every successful organization has a great salesforce. At Rapid7, the Business Development Representative (BDR) Program is a huge source of talent for our sales organization. Some of our most successful salespeople come from the program. So, what is it? The BDR Program at Rapid7 is an entry-level...
5 Steps for Dealing With Unknown Environments in InsightVM
Trying to deal with a large network can be difficult. All too often, engineers and admins don't know the full scope of their environment and have trouble defining the actual subnets and the systems that exist on those subnets. They know of a couple /24 subnets here or there, but it's very possibl...
Metasploit Weekly Wrap-Up
ICPR Certificate Management This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful i...
Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense
Last month, the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) launched the Blueprint for Ransomware Defense, a mitigation, response, and recovery plan for small- and medium-sized enterprises. This action plan is a cross-industry document that targets business leaders and...
25 Years of Nmap: Happy Scan-iversary!
I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. By the way, check out our recent podcast with Fyodor himself if you haven’t yet. At the time, I had just started my...
[Security Nation] Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner
In this episode of Security Nation, Jen and Tod chat with Gordon “Fyodor” Lyon, author of the widely used open-source Nmap Security Scanner. On...
Rapid7 Makes Security Compliance Complexity a Thing of the Past With InsightIDR
As a unified SIEM and XDR solution, InsightIDR gives organizations the tools they need to drive an elevated and efficient compliance program. Cybersecurity standards and compliance are mission-critical for every organization, regardless of size. Apart from the direct losses resulting from a data...
Metasploit Wrap-Up
Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass (CVE-2022-37042) and a directory traversal vulnerability (CVE-2022-27925) to gain code execution as the zimbra user. The auth bypas...
Incident Reporting Regulations Summary and Chart
A growing number of regulations require organizations to report significant cybersecurity incidents. We've created a chart that summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what cyber incidents must be...
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
Welcome back to The Lost Bots! In our latest episode, we're talking about phishing attacks — but not your standard run-of-the-mill version...
Cybersecurity Analysts: Job Stress Is Bad, but Boredom Is Kryptonite
Years ago, “airline pilot” used to be a high-stress profession. Imagine being in personal control of equipment worth millions hurtling through the sky on an irregular schedule with the lives of all the passengers in your hands. But today on any given flight, autopilot is engaged almost 90% of the...