Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC recently proposed a regulation to require all public companies to report cybersecurity incidents within four days of determining that the incident is material. While Rapid7 generally supports the proposed rule, we are concerned that the rule requires companies to publicly disclose a cyber...
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors who, once inside, can exploit them persistently. Many cybercriminals are not only interested in obtaining personal information but also seek corporate information that could be sold to the highest bidder. Infiltrating...
Metasploit Wrap-Up
Advantech iView NetworkServlet Command Injection This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469...
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...
360-Degree XDR and Attack Surface Coverage With Rapid7
Today’s already resource-constrained security teams are tasked with protecting more as environments sprawl and alerts pile up, while attackers continue to get stealthier and add to their arsenal. To be successful against bad actors, security teams need to be proactive against evolving attacks in...
[Security Nation] Jen and Tod on Hacker Summer Camp 2022
In this episode of Security Nation, Tod and Jen chat about their experience at this year’s Hacker Summer Camp, the multi-event lineup of cybersecurity conferences in La...
Leading the Way in Tampa
If you've been to the Tampa Bay area in recent years, you've probably noticed the significant tech industry expansion taking place in the Channel District. It's an exciting time to be a part of the scene, and Rapid7 is smack in the middle. Being active in the Tampa Bay Chamber of Commerce is...
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Over the past few weeks, five different vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one of which is unpatched, and four of which are being actively and widely exploited in the wild by well-organized threat actors. We urge organizations who use Zimbra to patch ...
Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec
“Yes, I know what applications we have publicly exposed.” How many times have you said that with confidence? I bet not too many. With the rapid pace of development that engineering teams can work at, it is becoming increasingly difficult to know what apps you have exposed to the internet, adding...
[VIDEO] An Inside Look at Black Hat 2022 From the Rapid7 Team
Of all the cybersecurity conferences that fill up our summertime schedules, Hacker Summer Camp — the weeklong series of security events in Las Vegas that includes BSides...
Metasploit Weekly Wrap-Up
Putting in the work! This week we’re extra grateful for the fantastic contributions our community makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron Bowes and bcoles, adding some great new capabilities. Ron Bowes contributed four new modules targeting UnRAR, Zimbra, and...
3 Mistakes Companies Make in Their Detection and Response Programs
The goal of a detection and response (D&R) program is to act as quickly as possible to identify and remove threats while minimizing any fallout. Many organizations have identified the need for D&R as a critical piece of their security program, but it's often the hardest — and most costly — piece to...
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and “non-security” issues affecting Cisco Adaptive Security Software (ASA), Adaptive Security Device Manager (ASDM), and FirePOWER Services Software for ASA. Rapid7 initially reported the issues to Cisco in separate disclosures in February and March 2022. Rapid7 and...
OCSF: Working Together to Standardize Data
Teams spend a lot of time normalizing data before any analysis, investigation, or response can begin. It’s an unacceptable burden for you. And its days are finally numbered. Rapid7 and other security vendors are collaborating on an Open Cybersecurity Schema Framework (OCSF), an open standard for bo...
Navigating the Evolving Patchwork of Incident Reporting Requirements
In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), a bipartisan initiative that empowers CISA to require cyber incident reporting from critical infrastructure owners and operators. Rapid7 is supportive of CIRCIA and cyber incident...
Patch Tuesday - August 2022
It's the week of Hacker Summer Camp in Las Vegas, and Microsoft has published fixes for 141 separate vulnerabilities in their swath of August updates. This is a new monthly record by raw CVE count, but from a patching perspective, the numbers are slightly less dire. 20 CVEs affect their...
6 Reasons Managed Detection and Response Is Hitting Its Stride
Cyber threats have risen to the #1 concern of CEOs, which means security teams — in the hot seat for years — are really feeling it now. Files and data live in the cloud. Work is hybrid or remote. There’s turmoil around the world. Cyberattacks are not just a distant boogieman – they’re here and...
How One Engineer Upskilled Into a Salesforce Engineering Role at Rapid7
At Rapid7, we believe the growth and development of our people enables us to better serve customers who depend on us. When our Engineering team was searching for candidates to help with our Salesforce ecosystem, John Millar demonstrated many of our core values – most importantly, the appetite to...
No Damsels in Distress: How Media and Entertainment Companies Can Secure Data and Content
Streaming is king in the media and entertainment industry. According to the Motion Picture Association’s Theatrical and Home Entertainment Market Environment Report, the global number of streaming subscribers grew to 1.3 billion in 2021. Consumer demand for immediate digital delivery is...
Metasploit Weekly Wrap-Up
Log4Shell in MobileIron Core Thanks to jbaines-r7 we have yet another Log4Shell exploit. Similar to the other Log4Shell exploit modules, the exploit works by sending a JNDI string that once received by the server will be deserialized, resulting in unauthenticated remote code execution as the tomc...
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable vulnerability whereby the under-privileged horizon user can escalate their permissions to those of the root user. Notably, the horizon user runs the externally accessible web...
Building Cybersecurity KPIs for Business Leaders and Stakeholders
In the final part of our “Hackers 're Gonna Hack” series, we’re discussing how to bring parts one and two of operationalising cybersecurity together into an overall strategy for your organisation, measured by key performance indicators (KPIs). In part one, we spoke about the problem, which...
What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022
The week of Black Hat, DEF CON, and BSides is a highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on. But like many belov...
QNAP Poisoned XML Command Injection (Silently Patched)
Background CVE-2020-2509 was added to CISA’s Known Exploited Vulnerabilities Catalog in April 2022, and it was listed as one of the “Additional Routinely Exploited Vulnerabilities in 2021” in CISA’s 2021 Top Routinely Exploited Vulnerabilities alert. However, CVE-2020-2509 has no public exploit,...
[Security Nation] Curt Barnard on Defaultinator (Black Hat Arsenal Preview)
In this episode of Security Nation, Jen and Tod chat with Curt Barnard, Principal Security Researcher at Rapid7, about a new tool he’ll be presenting a...
The Future of the SOC Is XDR
Extended detection and response (XDR) is increasingly gaining traction across the industry. In a new research ebook sponsored by Rapid7, SOC Modernization and the Role of XDR, ESG identified that 61% of security professionals claim that they are very familiar with XDR technology. While this is an...
Primary Arms PII Disclosure via IDOR (FIXED)
Update August 2, 2022: This issue was resolved by Primary Arms the same day Rapid7 published this report, and the IDOR vulnerability appears to be no longer exploitable. The Primary Arms website, a popular e-commerce site dealing in firearms and firearms-related merchandise, suffers from an...
Collaboration Drives Secure Cloud Innovation: Insights From AWS re:Inforce
This year's AWS re:Inforce conference brought together a wide range of organizations that are shaping the future of the cloud. Last week in Boston, cloud service providers (CSPs), security vendors, and other leading organizations gathered to discuss how we can go about building cloud environments...
Shift Left: Secure Your Innovation Pipeline
There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...
Metasploit Weekly Wrap-Up
Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...
[VIDEO] An Inside Look at AWS re:Inforce 2022 From the Rapid7 Team
The summer of conferences rolls on for the cybersecurity and tech community — and for us, the excitement of being able to gather in person after two-plus year...
[The Lost Bots] Season 2, Episode 2: The Worst and Best Hollywood Cybersecurity Depictions
Welcome back to The Lost Bots! In this episode, our hosts Jeffrey Gardner, Detection and Response (D&R) Practice Advisor, and Stephe...
What’s New in InsightVM and Nexpose: Q2 2022 in Review
The Vulnerability Management team kicked off Q2 by remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that impacted cybersecurity teams worldwide. We also made several investments to both InsightVM and Nexpose throughout the second quarter tha...
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Exploitation is underway for one of the trio of critical Atlassian vulnerabilities that were published last week affecting several of the company’s on-premises products. Atlassian has been a focus for attackers, as it was less than two months ago that we observed exploitation of CVE-2022-26134 in...
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
We're here with the final installment in our Pain Points: Ransomware Data Disclosure Trends report blog series, and today we're looking at a unique aspect of the report that clarifies not just what ransomware actors choose to disclose, but who discloses what, and how the ransomware landscape has...
5 SOAR Myths Debunked
A recently published ESG research ebook, sponsored by Rapid7, SOC Modernization and the Role of XDR, shows that organizations are increasingly leveraging security orchestration, automation, and response (SOAR) systems in an attempt to keep up with their security operations challenges. This makes...
Rapid7 at AWS re:Inforce: 2 Big Announcements
This year's AWS re:Inforce conference in Boston has been jam-packed with thrilling speakers, deep insights on all things cloud, and some much-needed in-person collaboration from all walks of the technology community. It also coincides with some exciting announcements from AWS — and we're honored ...
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
This advisory covers a number of issues identified in Velociraptor and disclosed by a security code review performed by Tim Goddard from CyberCX. We also thank Rhys Jenkins for working with the Velociraptor team to identify and rectify these issues. All of these identified issues have been fixed ...
ISO 27002 Emphasizes Need For Threat Intelligence
With employees reluctant to return to the office following the COVID-19 pandemic, the concept of a well-defined network perimeter has become a thing of the past for many organizations. Attack surfaces continue to expand, and as a result, threat intelligence has taken on even greater importance...
What We’re Looking Forward to at AWS re:Inforce
AWS re:Inforce 2022 starts tomorrow — Tuesday, July 26th — and we couldn't be more excited to gather with the tech, cloud, and security communities in our home city of Boston. Here's a sneak peek of the highlights to come at re:Inforce and what we're looking forward to the most this Tuesday and...
Metasploit Weekly Wrap-Up
The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's...
Cloud Threat Detection: To Agent or Not to Agent?
The shift towards cloud and cloud-native application architectures represents an evolutionary step forward from older paradigms. The adoption of containers, Kubernetes, and serverless functions, along with the use of cloud-based infrastructure, introduces a new set of risks and security challenge...
Simplify SIEM Optimization With InsightIDR
Two key ways InsightIDR helps customers tailor reporting, detection, and response — without any headaches For far too many years, security teams have accepted that with a SIEM comes compromise. You could have highly tailored and custom rule sets, but it meant endless amounts of tuning and...
4 Key Statistics to Build a Business Case for an MDR Partner
From one person to the next, the word “impact” may have wildly different connotations. Is the word being used in a positive or negative sense? For an understaffed security organization attempting to fend off attacks and plug vulnerabilities, the impact of all of that work is most likely negative:...
Deploying a SOAR Tool Doesn’t Have to Be Hard: I’ve Done It Twice
As the senior information security engineer at Brooks, an international running shoe and apparel company, I can appreciate the challenge of launching a security orchestration, automation, and response (SOAR) tool for the first time. I’ve done it at two different companies, so I’ll share some lesson...
[Security Nation] Jacques Chester of Shopify Talks CVSS Scores
In this episode of Security Nation, Shopify Senior Staff Software Developer Jacques Chester joins Jen and Tod to discuss his intriguing paper on CVSS scores and t...
4 Strategies for Achieving Greater Visibility in the Cloud
The cloud giveth, and the cloud taketh away. It giveth development teams the speed and scale to get applications into production and deployment faster than ever; it taketh away security teams' comfort that they know exactly what's going on in their environment. Much has been said about the...
Gimme! Gimme! Gimme! (More Data): What Security Pros Are Saying
Eight in 10 organizations collect, process, and analyze security operations data from more than 10 sources, ESG identified in a new ebook, SOC Modernization and the Role of XDR, sponsored by Rapid7. Security professionals believe that the most important sources are endpoint security data (24%), thre...
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as nobody, to escalate to root on affected firewalls. To exploit this vulnerability, a remote attacker must first establish shell access on the firewall, fo...
Deploy tCell More Easily With the New AWS AMI Agent
Rapid7's tCell is a powerful tool that allows you to monitor risk and protect web applications and APIs in real time. Great! It's a fundamental part of our push to make web application security as strong and comprehensive as it needs to be in an age when web application attacks account for roughl...