
1723 matches found

Rapid7 Blog
added 2022/07/15 4:0 p.m. | 23 views

Metasploit Weekly Wrap-Up

JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos in his...

CVSS: 6, AI score: 1, EPSS: 0.7431
Exploits: 8

Rapid7 Blog
added 2022/07/14 2:47 p.m. | 11 views

InsightVM Release Update: Let’s Focus on Remediation for Just a Minute

Think of an endeavor in your life where your success is entirely dependent on the success of others. What’s the first example that comes to mind? It’s common in team sports – a quarterback and a wide receiver, a fullback and their goalie, an equestrian and their horse. What if you narrow the scop...

AI score: 0.3
Exploits: 0

Rapid7 Blog
added 2022/07/13 3:45 p.m. | 82 views

It’s the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP

Summer is in full swing, and that means soaring temperatures, backyard grill-outs, and the latest roundup of Q2 application security improvements from Rapid7. Yes, we know you’ve been waiting for this moment with more anticipation than Season 4 of Stranger Things. So let’s start running up that...

CVSS: 7.5, AI score: 0.1, EPSS: 0.99677
Exploits: 100

Rapid7 Blog
added 2022/07/13 12:45 p.m. | 23 views

Creating an Exceptional Workplace: Building and Expansion in a Post-COVID World

Since its launch in 2011, Rapid7 UK has been on a mission to build a strong footprint in the region. Today, the company is celebrating the opening of its newly expanded and designed Reading office, located in the Thames Valley District at Forbury Place. This new location was selected to reflect...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2022/07/12 7:40 p.m. | 130 views

Patch Tuesday - July 2022

Microsoft’s updates for July's Patch Tuesday fix 86 CVEs, including two vulnerabilities in their Chromium-based Edge browser that were patched earlier in the month. One 0-day vulnerability has been patched: CVE-2022-22047 affects all currently supported versions of Microsoft’s pervasive operating...

CVSS: 9, AI score: 1.6, EPSS: 0.8834
Exploits: 5

Rapid7 Blog
added 2022/07/12 6:20 p.m. | 14 views

The Forecast Is Flipped: Flipping L&D to Ensure Continuous Growth

At Rapid7, we staunchly believe that our people are central to upholding our mission and embodying our core values to ultimately drive our customers into a more secure future. For this reason, Rapid7 works tediously to ensure that our Moose have ample opportunities to learn and grow in their...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/07/12 1:45 p.m. | 14 views

3 Key Challenges for Cloud Identity and Access Management

Identity and access management (IAM) is one of the most critical tools for today's cloud-centric environment. Businesses' IT architectures have become more highly distributed than ever, and users need to access a growing suite of cloud services on demand. Determining the identities of users and...

AI score: 0.5
Exploits: 0

Rapid7 Blog
added 2022/07/11 2:27 p.m. | 18 views

Rapid7 MDR Reduced Breaches by 90% via Greater Efficiency to Detect, Investigate, Respond to, and Remediate Breaches

When a security operations center (SOC) is operating at a deficit, they increase the possibility of beach reductions. That is, the likelihood they won’t be able to travel to any beaches – or any vacation destinations whatsoever – anytime in the near future. That can lead to burnout, which can lead ...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/07/08 6:35 p.m. | 28 views

Metasploit Weekly Wrap-Up

DFSCoerce - Distributing more than just files: DFS (Distributed File System) is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...

AI score: 0.4
Exploits: 0

Rapid7 Blog
added 2022/07/08 2:5 p.m. | 10 views

Today’s SOC Strategies Will Soon Be Inadequate

New research sponsored by Rapid7 explores the momentum behind security operations center (SOC) modernization and the role extended detection and response (XDR) plays. ESG surveyed over 370 IT and cybersecurity professionals in the US and Canada – responsible for evaluating, purchasing, and utilizing...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2022/07/08 7:0 a.m. | 11 views

How to Build and Enable a Cyber Target Operating Model

Cybersecurity is complex and ever-changing. Organisations should be able to evaluate their capabilities and identify areas where improvement is needed. In the webinar “Foundational Components to Enable a Cyber Target Operating Model,” – part two of our Cybersecurity Series – Jason Hart, Chief...

AI score: 0.1
Exploits: 0

Rapid7 Blog
added 2022/07/07 7:9 p.m. | 70 views

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

In April 2022, telecommunications company Mitel published a security advisory on CVE-2022-29499, a data validation vulnerability in the Service Appliance component of MiVoice Connect, a business communications product. The vulnerability, which was unpatched at time of publication, arose from...

CVSS: 10, AI score: 1.6, EPSS: 0.56967
Exploits: 0

Rapid7 Blog
added 2022/07/07 2:0 p.m. | 16 views

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

Welcome back to the third installment of Rapid7's Pain Points: Ransomware Data Disclosure Trends blog series, where we're distilling the key highlights of our ransomware data disclosure research paper one industry at a time. This week, we'll be focusing on the financial services industry, one of...

AI score: 0.3
Exploits: 0

Rapid7 Blog
added 2022/07/06 6:0 p.m. | 19 views

[Security Nation] Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge

In this episode of Security Nation, Jen and Tod are joined again by Pete Cooper and Irene Pontisso of the UK...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2022/07/06 3:0 p.m. | 13 views

What's New in InsightIDR: Q2 2022 in Review

This Q2 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization. New interactive HTML reports: InsightIDR's new HTML reports incorporate the interactive features you know and love from our dashboards...

Exploits: 0

Rapid7 Blog
added 2022/07/05 3:22 p.m. | 14 views

Cloud Complexity Requires a Unified Approach to Assessing Risk

There has been an unprecedented acceleration in the shift to the cloud as a result of the COVID-19 pandemic. McKinsey experts estimate companies have moved to the cloud “24 times faster ... than they thought” over the past two years. As organizations move quickly to scale, drive innovation, and...

Exploits: 0

Rapid7 Blog
added 2022/07/01 6:44 p.m. | 62 views

Metasploit Weekly Wrap-Up

SAMR Auxiliary Module: A new SAMR auxiliary module has been added that allows users to add, lookup, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement...

CVSS: 7.5, AI score: 0.5, EPSS: 0.99714
Exploits: 59

Rapid7 Blog
added 2022/07/01 2:42 p.m. | 11 views

Rapid7 Belfast Recognized for “Company Connection” During COVID-19 Pandemic

Irish News has recognized Rapid7 in its Workplace and Employment Awards, where we’ve taken home the trophy for Best Company Connection. Reflecting on the past two years, this award recognizes the organization that best demonstrates how it has adapted its workplace well-being strategy to the...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2022/06/30 1:20 p.m. | 13 views

[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes

Welcome back to The Lost Bots! In the first installment of Season 2, Rapid7 Detection and Response (D&R) Practice Advisor Jeffrey Gardner and his new co-hos...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/06/29 2:9 p.m. | 27 views

Application Security in 2022: Where Are We Now?

It’s always a good thing to take a step back every once in a while to take the lay of the land. Like you, we are always working at a breakneck pace to help secure the web applications being built today and ready ourselves to secure the innovations of the future. When Forrester put out The State o...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2022/06/28 6:0 p.m. | 14 views

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

Welcome to the second installment in our series looking at the latest ransomware research from Rapid7. Two weeks ago, we launched "Pain Points: Ransomware Data Disclosure Trends", our first-of-its-kind look into the practice of double extortion, what kinds of data get disclosed, and how the...

Exploits: 0

Rapid7 Blog
added 2022/06/28 2:50 p.m. | 106 views

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610: Externally Controlled Reference to a Resource in Another Sphere, wherein a malicious MySQL server can request local file content from a client without explicit authorization from...

CVSS: 7.8, AI score: 7, EPSS: 0.06977
Exploits: 4

Rapid7 Blog
added 2022/06/27 2:3 p.m. | 15 views

API Security: Best Practices for a Changing Attack Surface

API usage is skyrocketing. According to the latest State of the API Report, API requests increased by 56% last year to a total of 855 million, and Google says the growth isn’t expected to slow any time soon. APIs – short for application programming interfaces – are a critical component of how...

AI score: 7.5
Exploits: 0

Rapid7 Blog
added 2022/06/24 6:51 p.m. | 30 views

Metasploit Weekly Wrap-Up

Add Windows target support for the Confluence OGNL injection module: Improves the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets. This new target can be used to run payloads in memory with PowerShell using the new payload adapters or drop an...

AI score: 0.8
Exploits: 0

Rapid7 Blog
added 2022/06/24 2:11 p.m. | 16 views

Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever

Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for several months now, and we are...

AI score: 6.9
Exploits: 0

Rapid7 Blog
added 2022/06/23 10:39 p.m. | 217 views

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files when using the SSH interface due to an argument injection vulnerability affecting the diagnose command. Additionally, a remote and highly privileged user can write arbitrary system files when using the SSH...

CVSS: 7.8, AI score: 0.6, EPSS: 0.78303
Exploits: 9

Rapid7 Blog
added 2022/06/23 3:10 p.m. | 17 views

Two Rapid7 Solutions Take Top Honors at SC Awards Europe

LONDON—We are pleased to announce that two Rapid7 solutions were recognized on Tuesday, June 21, at the prestigious SC Awards Europe, which were presented at the London Marriott, Grosvenor Square. InsightIDR took the top spot in the Best SIEM Solution category, and Threat Command brought home the...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/06/23 12:50 p.m. | 14 views

Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction

In-house security organizations these days are operating at an extreme deficit. Skeleton crews are running entire security operations centers (SOCs). A constant barrage of alerts is making it difficult for these teams to detect and investigate every alert and stay ahead of today’s evolving threats...

AI score: 6.9
Exploits: 0

Rapid7 Blog
added 2022/06/22 6:0 p.m. | 18 views

[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence

In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...

AI score: 0.3
Exploits: 0

Rapid7 Blog
added 2022/06/22 3:0 p.m. | 17 views

How to Secure App Development in the Cloud, With Tips From Gartner

Building applications in the cloud has been great for development speed and scalability, but it can sometimes feel more like a sustained migraine for security teams. How do you keep your cloud applications safe without resorting to a dizzying patchwork of overlapping tools and dispersed services?...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/06/17 5:35 p.m. | 20 views

Metasploit Weekly Wrap-Up

vCenter Secret Extracter: Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated,...

AI score: 0.1
Exploits: 0

Rapid7 Blog
added 2022/06/17 7:0 a.m. | 13 views

4 Strategies to Help Your Cybersecurity Budget Work Harder

The digital economy is being disrupted by data. An estimated 79 zettabytes of data was created and consumed in 2021— a staggering amount that is reshaping how we do business. But as the volume and value of data increases, so does the motivation for hackers to steal it. As such, cybersecurity is a...

Exploits: 0

Rapid7 Blog
added 2022/06/16 8:3 p.m. | 60 views

CVE-2022-27511: Citrix ADM Remote Device Takeover

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their Application Delivery Management (ADM) product. A remote, unauthenticated attacker can leverage CVE-2022-27511 to reset administrator credentials to the default...

CVSS: 7.8, AI score: 0.7, EPSS: 0.12048
Exploits: 0

Rapid7 Blog
added 2022/06/16 5:19 p.m. | 17 views

Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022

The cloud has become the default for IT infrastructure and resource delivery, allowing an unprecedented level of speed and flexibility for development and production pipelines. This helps organizations compete and innovate in a fast-paced business environment. But as the cloud becomes more...

AI score: 7.1
Exploits: 0

Rapid7 Blog
added 2022/06/16 1:0 p.m. | 14 views

New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers

Ransomware is one of the most pressing and diabolical threats faced by cybersecurity teams today. Gaining access to a network and holding that data for ransom has caused billions in losses across nearly every industry and around the world. It has stopped critical infrastructure like healthcare...

AI score: 0.3
Exploits: 0

Rapid7 Blog
added 2022/06/15 1:49 p.m. | 9 views

Complimentary Gartner® Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition

First things first — if you're a member of a cybersecurity team bouncing from one stressful identify vulnerability, patch, repeat cycle to another, claim your copy of the Gartner® report “How to Respond to the 2022 Cyberthreat Landscape" right now. It will help you understand the current landscap...

AI score: 0.6
Exploits: 0

Rapid7 Blog
added 2022/06/14 7:37 p.m. | 170 views

Patch Tuesday - June 2022

June's Patch Tuesday sees Microsoft releasing fixes for over 60 CVEs. Top of mind for many administrators this month is CVE-2022-30190, also known as Follina, which was observed being exploited in the wild at the end of May. Microsoft provided mitigation instructions disabling the MSDT URL protoc...

CVSS: 10, AI score: 0.8, EPSS: 0.99374
Exploits: 68

Rapid7 Blog
added 2022/06/14 5:10 p.m. | 335 views

CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)

A remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers by leveraging a flaw that leads to a null pointer dereference within the Windows kernel. We believe this vulnerability would be scored as CVSSv3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

CVSS: 10, AI score: 8.9, EPSS: 0.99938
Exploits: 30

Rapid7 Blog
added 2022/06/13 2:47 p.m. | 17 views

Defending Against Tomorrow's Threats: Insights From RSAC 2022

The rapidly changing pace of the cyberthreat landscape is on every security pro's mind. Not only do organizations need to secure complex cloud environments, they're also more aware than ever that their software supply chains and open-source elements of their application codebase might not be as...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2022/06/10 6:7 p.m. | 219 views

Metasploit Weekly Wrap-Up

A Confluence of High-Profile Modules: This release features modules covering the Confluence remote code execution bug CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability in the Windows Operating System accessible through malicious documents. Both have been all over the...

CVSS: 9.3, AI score: 0.8, EPSS: 0.99999
Exploits: 137

Rapid7 Blog
added 2022/06/10 2:27 p.m. | 10 views

[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team

The two years since the last RSA Conference have been pretty uneventful. Sure, COVID-19 sent us all to work from home for a little while, but it's not as...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2022/06/09 4:39 p.m. | 474 views

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes. Since Metasploit 6.1.0 (August 2021) until the latest Metasploit 6.2.0 release we’ve added: 138 new modules, 148 enhancements and features, 156 bug fixes. Top modules: Each...

CVSS: 10, EPSS: 0.99999
Exploits: 563

Rapid7 Blog
added 2022/06/08 2:50 p.m. | 22 views

[Security Nation] Phillip Maddux on HoneyDB, the Open-Source Honeypot Data Project

In this episode of Security Nation, Jen and Tod chat with Phillip Maddux about his project HoneyDB, a site that pulls data together from honeypo...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2022/06/07 3:24 p.m. | 23 views

Identifying Cloud Waste to Contain Unnecessary Costs

Cloud adoption has exploded over the past decade or so, and for good reason. Many digital transformation advancements – and even the complete reimagination of entire industries – can be directly mapped and attributed to cloud innovation. While this rapid pace of innovation has had a profound impa...

Exploits: 0

Rapid7 Blog
added 2022/06/06 4:0 p.m. | 62 views

The Hidden Harm of Silent Patches

Hey all. I'm about to head off to RSAC 2022, but I wanted to jot down some thoughts I've had lately on a particularly squirrelly issue that comes up occasionally in coordinated vulnerability disclosure (CVD) — the issue of silent patches, and how they tend to help focused attackers and harm IT...

CVSS: 3.6, AI score: 7.5, EPSS: 0.00782
Exploits: 0

Rapid7 Blog
added 2022/06/06 1:25 p.m. | 19 views

Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza

Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution they had designed and deployed throughout their US store locations. The goal of this research project was to understand the security implications arou...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2022/06/03 7:35 p.m. | 64 views

Metasploit Weekly Wrap-Up

Ask and you may receive: Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...

CVSS: 6.5, AI score: 0.4, EPSS: 0.91501
Exploits: 13

Rapid7 Blog
added 2022/06/03 1:36 p.m. | 26 views

Cybersecurity Is More Than a Checklist: Joel Yonts on Tech’s Unfair Disadvantage

Breaches caused by misconfigurations are alarmingly common. Over a third of all cyberattacks in 2020 were the result of firewall, cloud, and server misconfigurations. The tech industry is at the highest risk of bad actors taking advantage of these preventable vulnerabilities, with the information...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2022/06/02 11:27 p.m. | 1060 views

Active Exploitation of Confluence CVE-2022-26134

On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability was unpatched when it was published on June 2. As of June 3, both patches and a temporary...

CVSS: 9.3, EPSS: 0.99999
Exploits: 149

Rapid7 Blog
added 2022/06/02 1:15 p.m. | 19 views

The Average SIEM Deployment Takes 6 Months. Don’t Be Average.

If you’re part of the huge growth in demand for cloud-based SIEM (Security Information and Event Management), claim your copy of the new Gartner® Report: “How to Deploy a SIEM Solution Successfully.” Depending on what SIEM you choose, and how you approach the process, getting to operational and...

AI score: 7.1
Exploits: 0

Total number of security vulnerabilities: 1723