
1723 matches found

Rapid7 Blog
added 2022/10/17 8:36 p.m., 2092 views

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

UPDATE 10/18/22: A previous version of this blog indicated that JDK versions 15+ were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so...

AI score: 0.5 | EPSS: 0.99931 | Exploits: 41
Rapid7 Blog
added 2022/10/17 3:42 p.m., 12 views

Addressing the Evolving Attack Surface Part 1: Modern Challenges

Lately, we’ve been hearing a lot from our customers requesting help on how to manage their evolving attack surface. As new 0days appear, new applications are spun up, and cloud instances change hourly, it can be hard for our customers to get a full view of risk into their environments. We put...

AI score: 0.3 | Exploits: 0
Rapid7 Blog
added 2022/10/14 5:03 p.m., 59 views

Metasploit Wrap-Up

Spring Cloud Gateway RCE: This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway (CVE-2022-22947) has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...

CVSS: 6.8 | AI score: 1.2 | EPSS: 0.98253 | Exploits: 68
Rapid7 Blog
added 2022/10/14 3:00 p.m., 20 views

Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk

Authored by Sanjeev Williams and Ryan Blanchard. Today almost all cloud users, roles, and identities are overly permissive. This leads to repeated headlines and forensic reports of attackers leveraging weak identity postures to gain a foothold, and then moving laterally within an organization's...

AI score: 0.4 | Exploits: 0
Rapid7 Blog
added 2022/10/14 1:02 p.m., 18 views

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

To be great at something, you have to be a little obsessed. That's true whether you want to be a chess grandmaster, become an internationally recognized CEO, or build the best cybersecurity platform on the planet. At Rapid7, our laser-focus has always been trained on one thing: helping digital...

AI score: 0.2 | Exploits: 0
Rapid7 Blog
added 2022/10/13 6:36 p.m., 16 views

The Intelligent Listing: Cybersecurity Job Descriptions That Deliver

Modern job descriptions have quite the reputation for causing reactionary eye-rolling. Why? Because what used to be a couple of paragraphs – about requirements and experience for performing a cybersecurity analyst job – is actually now filled with a laundry list of criteria that make candidates...

AI score: 6.8 | Exploits: 0
Rapid7 Blog
added 2022/10/13 3:36 p.m., 14 views

We're Challenging Convention. Rapid7 Recognized in the 2022 Gartner® Magic Quadrant™ for SIEM.

As the attack surface sprawls, under-resourced security teams have inherent disadvantages. Rapid7 InsightIDR enables resource constrained security teams to achieve sophisticated detection and response, with greater efficiency and efficacy. As a Challenger in the 2022 Gartner Magic Quadrant for...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/10/12 6:05 p.m., 111 views

[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research

In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...

AI score: 9.9 | EPSS: 0.99984 | Exploits: 25
Rapid7 Blog
added 2022/10/12 1:00 p.m., 19 views

Real-Time Risk Mitigation in Google Cloud Platform

With Google Cloud Next happening this week, there’s been some recent water cooler talk - okay, informal, ad hoc Zoom calls - about what makes Google Cloud Platform (GCP) unique when it comes to security. A few specific differences have popped up here and there: default data...

Exploits: 0
Rapid7 Blog
added 2022/10/11 6:35 p.m., 230 views

Patch Tuesday - October 2022

The October batch of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser. Top of mind for many this month is whether Microsoft would patch the two Exchange Server zero-day vulnerabilities...

AI score: 1.6 | EPSS: 0.99964 | Exploits: 24
Rapid7 Blog
added 2022/10/07 7:07 p.m., 58 views

Metasploit Weekly Wrap-Up

Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support: This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows users to execute Beacon Object Files as written for either Cobalt...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.92943 | Exploits: 28
Rapid7 Blog
added 2022/10/07 4:24 p.m., 5034 views

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On October 3, 2022, Fortinet released a software update that indicates then-current versions of their FortiOS firewall and FortiProxy web proxy software are vulnerable to CVE-2022-4068...

CVSS: 5 | AI score: 2.2 | EPSS: 0.99999 | Exploits: 45
Rapid7 Blog
added 2022/10/06 5:13 p.m., 1082 views

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

Note: Zimbra release 9.0.0 P27 addressed this vulnerability on October 10, 2022. CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation. The vulnerability is due to the method (cpio) in which Zimbra’s...

CVSS: 5 | AI score: 0.1 | EPSS: 0.98975 | Exploits: 24
Rapid7 Blog
added 2022/10/05 2:00 p.m., 21 views

What's New in InsightIDR: Q3 2022 in Review

This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization. 360-degree XDR and attack surface coverage with Rapid7: The Rapid7 XDR suite — flagship InsightIDR, alongside InsightConnect SOAR, and Thre...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/10/04 3:03 p.m., 21 views

Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before

Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. After several months of development and testing, we are excited to share its powerfu...

Exploits: 0
Rapid7 Blog
added 2022/09/30 6:47 p.m., 181 views

Metasploit Weekly Wrap-Up

Veritas Backup Exec Agent RCE: This module, kindly provided by c0rs, targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of 3 separate CVEs (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878), which only makes it more impressive...

CVSS: 9 | EPSS: 0.99998 | Exploits: 49
Rapid7 Blog
added 2022/09/29 8:50 p.m., 333 views

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

On Thursday, September 29, a Vietnamese security firm called GTSC published information and IOCs on what they claimed was a pair of unpatched Microsoft Exchange Server vulnerabilities being used in attacks on their customers’ environments dating back to early August 2022. The impact of...

AI score: 9.4 | EPSS: 0.99964 | Exploits: 16
Rapid7 Blog
added 2022/09/29 7:03 p.m., 9 views

[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting

Welcome back to The Lost Bots! In this episode, we dive into one of our favorite topics: threat hunting. It's a subject we've talked about before, but...

AI score: 0.2 | Exploits: 0
Rapid7 Blog
added 2022/09/29 4:53 p.m., 19 views

The Empty SOC Shop: Where Has All the Talent Gone?

Anyone involved in hiring security analysts in the last few years is likely painfully aware of the cybersecurity skills shortage – but the talent hasn’t “gone anywhere” so much as it’s been bouncing around all over the place, looking for the highest bidder and most impactful work environment...

AI score: 7.1 | Exploits: 0
Rapid7 Blog
added 2022/09/28 7:00 p.m., 54 views

[Security Nation] Taki Uchiyama of Panasonic on Product Security and Incident Response

In this episode of Security Nation, Jen and Tod chat with Taki Uchiyama about his work on Panasonic’s Product Security Incident Response...

AI score: 0.4 | Exploits: 0
Rapid7 Blog
added 2022/09/28 2:11 p.m., 174 views

What’s New in InsightVM and Nexpose: Q3 2022 in Review

Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...

CVSS: 10 | AI score: 9.9 | EPSS: 0.99999 | Exploits: 189
Rapid7 Blog
added 2022/09/27 2:24 p.m., 14 views

How to Deploy a SIEM That Actually Works

I deployed my SIEM in days, not months – here’s how you can too. As an IT administrator at a highly digitized manufacturing company, I spent many sleepless nights with no visibility into the activity and security of our environment before deploying a security information and event management (SIEM)...

AI score: 6.6 | Exploits: 0
Rapid7 Blog
added 2022/09/23 6:50 p.m., 93 views

Metasploit Weekly Wrap-Up

Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member...

CVSS: 9 | AI score: 8.1 | EPSS: 0.99174 | Exploits: 30
Rapid7 Blog
added 2022/09/22 2:53 p.m., 18 views

One Year After IntSights Acquisition, Threat Intel’s Value Is Clear

Rapid7 Strengthens Market Position With 360-Degree XDR and Best-in-Class Threat Intelligence Offerings. Time flies… and provides opportunities to establish proof points. After recently passing the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings t...

AI score: 0.5 | Exploits: 0
Rapid7 Blog
added 2022/09/21 5:50 p.m., 17 views

Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity

As we get closer to closing out 2022, the talk in the market continues to swirl around extended detection and response (XDR) solutions. What are they? What are the benefits? Should my team adopt XDR, and if yes, how do we evaluate vendors to determine the best approach? While there continue to be...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/09/21 2:37 p.m., 17 views

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Every new technology comes with a learning curve specific to your organization. First you learn the basics, then you accelerate. Rapid7’s offerings are no different. As a Senior Information Security Engineer at Brooks, I have firsthand experience with this process. I oversaw the implementation of...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/09/20 3:14 p.m., 1231 views

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804. The advisory reveals a command injection vulnerability in multiple API endpoints, which allows an attacker with access to a public repository or with read permissions to a...

CVSS: 10 | AI score: 0.8 | EPSS: 0.99174 | Exploits: 25
Rapid7 Blog
added 2022/09/16 8:09 p.m., 40 views

Metasploit Weekly Wrap-Up

BYOS: Bring your own stager. We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced...

CVSS: 9 | AI score: 8.2 | EPSS: 0.86086 | Exploits: 7
Rapid7 Blog
added 2022/09/14 7:00 p.m., 42 views

[Security Nation] Chris Levendis and Lisa Olson on Cloud CVEs

In this episode of Security Nation, Jen and Tod chat with Chris Levendis of MITRE and Lisa Olson of Microsoft about assigning CVE IDs for vulnerabilities affecting...

CVSS: 4 | AI score: 0.2 | EPSS: 0.03082 | Exploits: 0
Rapid7 Blog
added 2022/09/14 1:15 p.m., 11 views

The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading

The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings around cyberthreats, attacks, and best practices to defend against them are as critical for security teams as they've ever been. If you're unfamiliar with the SysAdmin, Audit, Network, a...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/09/13 8:11 p.m., 280 views

Patch Tuesday - September 2022

This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft including 16 CVEs affecting Chromium, used by their Edge browser, that were already available. One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File Syst...

CVSS: 1.9 | AI score: 1.1 | EPSS: 0.85646 | Exploits: 14
Rapid7 Blog
added 2022/09/13 6:50 p.m., 17 views

How a Principal Engineer Made His Journey to Cloud Security With Rapid7

The first programming language I learned in my childhood was Pascal. I was 12 years old at the time, and I quickly developed a passion for technology. From a young age, I always knew I wanted to learn engineering and computer science. I wanted to solve big design and architecture problems while...

AI score: 7.2 | Exploits: 0
Rapid7 Blog
added 2022/09/13 2:06 p.m., 14 views

Grey Time: The Hidden Cost of Incident Response

The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming. To see that in action, let’s look at a hypothetical scenario that should feel familiar to most cybersecurity analysts. An everyday story: A security engineer, Casey, is tuning a SIEM...

AI score: 6.8 | Exploits: 0
Rapid7 Blog
added 2022/09/12 2:43 p.m., 37 views

InsightVM: Best Practices to Improve Your Console

Over the years, our recommendations and best practices for the InsightVM console have changed with the improvements and updates we’ve made to the system. Here are some of the most common improvements to help you get the most out of your InsightVM console in 2022. Ensure everything is up to date: T...

AI score: 7.3 | Exploits: 0
Rapid7 Blog
added 2022/09/09 7:43 p.m., 113 views

Metasploit Weekly Wrap-Up

Authenticated command injection vulnerability of Cisco ASA-X with FirePOWER Services: jbaines-r7 added a new module that exploits an authenticated command injection vulnerability (CVE-2022-20828) in Cisco ASA-X with FirePOWER Services. This vulnerability affects all Cisco ASA appliances that suppor...

CVSS: 9 | AI score: 0.8 | EPSS: 0.92984 | Exploits: 16
Rapid7 Blog
added 2022/09/09 2:33 p.m., 23 views

Integrating Cloud Security With DevOps and CI/CD Tools

This is the latest post in our blog series on shifting left in cloud security. In our last post, we kicked off the series with a high-level overview about Rapid7’s approach to shifting cloud security into the application development lifecycle. For this post, we’ll dive into a key aspect of our...

AI score: 0.4 | Exploits: 0
Rapid7 Blog
added 2022/09/08 4:30 p.m., 75 views

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Rapid7, Inc. Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare. The affected products are: SIGMA Spectrum Infusion Pump, Firmware Version 8.00.01; SIGMA Wi-Fi Battery, Firmware Versions 16, 17, 20 D29. Rapid7 initially reported these issues to Baxte...

AI score: 0.9 | EPSS: 0.01062 | Exploits: 3
Rapid7 Blog
added 2022/09/08 1:45 p.m., 20 views

VeloCON 2022: Digging Deeper Together!

September 15, 2022 | Live at 9 am EDT | Virtual and Free. Join the open-source digital forensics and incident response (DFIR) community for a day-long, virtual summit as we DIG DEEPER TOGETHER! Have you ever wanted to share your passion and interest in Velociraptor with the rest of the community?...

AI score: 0.5 | Exploits: 0
Rapid7 Blog
added 2022/09/07 2:01 p.m., 17 views

3 Ways to Improve Data Protection in the Cloud

Cloud complexity is now a well-documented and widely felt phenomenon across technology teams — IT, development, and security alike. Multi-cloud architectures have become the norm, with 89% of organizations embracing a strategy that involves multiple cloud vendors. Not only are companies managing...

AI score: 6.9 | Exploits: 0
Rapid7 Blog
added 2022/09/06 6:58 p.m., 12 views

5 Things Rapid7 Looks for in a BDR, and How We Spot Them

Every successful organization has a great salesforce. At Rapid7, the Business Development Representative (BDR) Program is a huge source of talent for our sales organization. Some of our most successful salespeople come from the program. So, what is it? The BDR Program at Rapid7 is an entry-level...

AI score: 6.9 | Exploits: 0
Rapid7 Blog
added 2022/09/06 3:48 p.m., 19 views

5 Steps for Dealing With Unknown Environments in InsightVM

Trying to deal with a large network can be difficult. All too often, engineers and admins don't know the full scope of their environment and have trouble defining the actual subnets and the systems that exist on those subnets. They know of a couple /24 subnets here or there, but it's very possibl...

AI score: 7.3 | Exploits: 0
Rapid7 Blog
added 2022/09/02 7:39 p.m., 167 views

Metasploit Weekly Wrap-Up

ICPR Certificate Management: This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates, which is useful i...

CVSS: 10 | AI score: 8.5 | EPSS: 0.99374 | Exploits: 93
Rapid7 Blog
added 2022/09/02 1:15 p.m., 30 views

Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense

Last month, the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) launched the Blueprint for Ransomware Defense, a mitigation, response, and recovery plan for small- and medium-sized enterprises. This action plan is a cross-industry document that targets business leaders and...

AI score: 0.2 | Exploits: 0
Rapid7 Blog
added 2022/09/01 2:30 p.m., 20 views

25 Years of Nmap: Happy Scan-iversary!

I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. By the way, check out our recent podcast with Fyodor himself if you haven’t yet. At the time, I had just started my...

AI score: 7 | Exploits: 0
Rapid7 Blog
added 2022/08/31 6:00 p.m., 30 views

[Security Nation] Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner

In this episode of Security Nation, Jen and Tod chat with Gordon “Fyodor” Lyon, author of the widely used open-source Nmap Security Scanner. On...

AI score: 7.3 | Exploits: 0
Rapid7 Blog
added 2022/08/30 1:39 p.m., 20 views

Rapid7 Makes Security Compliance Complexity a Thing of the Past With InsightIDR

As a unified SIEM and XDR solution, InsightIDR gives organizations the tools they need to drive an elevated and efficient compliance program. Cybersecurity standards and compliance are mission-critical for every organization, regardless of size. Apart from the direct losses resulting from a data...

AI score: 0.5 | Exploits: 0
Rapid7 Blog
added 2022/08/26 9:47 p.m., 362 views

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell: Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass (CVE-2022-37042) and a directory traversal vulnerability (CVE-2022-27925) to gain code execution as the zimbra user. The auth bypas...

CVSS: 6.5 | AI score: 0.5 | EPSS: 0.98975 | Exploits: 31
Rapid7 Blog
added 2022/08/26 1:31 p.m., 20 views

Incident Reporting Regulations Summary and Chart

A growing number of regulations require organizations to report significant cybersecurity incidents. We've created a chart that summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what cyber incidents must be...

AI score: 0.7 | Exploits: 0
Rapid7 Blog
added 2022/08/25 4:36 p.m., 13 views

[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished

Welcome back to The Lost Bots! In our latest episode, we're talking about phishing attacks — but not your standard run-of-the-mill version...

AI score: 0.1 | Exploits: 0
Rapid7 Blog
added 2022/08/24 2:00 p.m., 17 views

Cybersecurity Analysts: Job Stress Is Bad, but Boredom Is Kryptonite

Years ago, “airline pilot” used to be a high-stress profession. Imagine being in personal control of equipment worth millions hurtling through the sky on an irregular schedule with the lives of all the passengers in your hands. But today on any given flight, autopilot is engaged almost 90% of the...

AI score: 0.1 | Exploits: 0
Total number of security vulnerabilities: 1723