1723 matches found
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft Security Response Center MSRC published a blog on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool msdt in Windows. Microsoft’s advisory on CVE-2022-30190 indicates that exploitation has been detected in the wild. According to Microsof...
3 Takeaways From the 2022 Verizon Data Breach Investigations Report
Sometimes, data surprises you. When it does, it can force you to rethink your assumptions and second-guess the way you look at the world. But other times, data can reaffirm your assumptions, giving you hard proof they're the right ones — and providing increased motivation to act decisively based ...
Metasploit Weekly Wrap-Up
PetitPotam Improvements Metasploit’s Ruby support has been updated to allow anonymous authentication to SMB servers. This is notably useful while exploiting the PetitPotam vulnerability with Metasploit, which can be used to coerce a Domain Controller to send an authentication attempt over SMB to...
The Forecast Is Flipped: Flipping L&D Enables Managers to Be Impact Multipliers
At Rapid7, we recognize that managers are at the heart of our mission and are central to optimizing the potential of our people. So naturally, focusing on the growth and development of our manager population became critical to productivity, engagement, retention, and creating strong teams, as wel...
The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs
Sales roles are all about people. That holds true not only when you're building relationships with prospects but also in your day-to-day experience on the team. Having the right culture and people around you can make or break your success, satisfaction, and long-term growth. If you're a job seeke...
[Security Nation] Omer Akgul and Richard Roberts on YouTube VPN Ads
!\Security Nation\ Omer Akgul and Richard Roberts on YouTube VPN Adshttps://blog.rapid7.com/content/images/2022/05/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with academics Omer Akgul and Richard Roberts about their recent paper, “Investigating Influencer VPN Ads ...
What It Takes to Securely Scale Cloud Environments at Tech Companies Today
In January 2021, foreign trade marketing platform SocialArks was the target of a massive cyberattack. Security Magazine reported that the rapidly growing startup experienced a breach of over 214 million social media profiles and 400GB of data, exposing users' names, phone numbers, email addresses...
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service VGAuthService.exe from running in a guest Windows environment and can crash this service, thus rendering the guest unstable. In some very contrived circumstances, the attacker can leak file content to which they d...
A Year on from the Ransomware Task Force Report
If you follow cybersecurity, you’ve likely seen one of the many articles written recently on the one-year anniversary of the Colonial Pipeline ransomware attack, which saw fuel delivery suspended for six days, disrupting air and road travel across the southeastern states of the US. The Colonial...
DFIR Without Limits: Moving Beyond the “Sucker's Choice” of Today’s Breach Response Services
Three-quarters of CEOs and their boards believe a major breach is “inevitable.” And those closest to the action? Like CISOs? They’re nearly unanimous. Gartner is right there, too. Their 2021 Market Guide for Digital Forensics and Incident Response DFIR Services recommends you “operate under the...
Metasploit Weekly Wrap-Up
Zyxel firewall unauthenticated command injection This week, our very own Jake Baines added an exploit module that leverages CVE-2022-30525, an unauthenticated remote command injection vulnerability in Zyxel firewalls with zero touch provisioning ZTP support. Jake is also the author of the origina...
Are You in the 2.5% Who Meet This Cybersecurity Job Requirement?
Of course you’re special. So are we. But decades of research tells us humans believe they’re good multitaskers – and we are really, seriously not. It seems a measly 2.5% of us can multitask well. The rest of us are best when we focus on a single goal, allowing the left and right sides of our brai...
CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
On May 18, 2022, VMware published VMSA-2022-0014 on CVE-2022-22972 and CVE-2022-22973. The more severe of the two vulnerabilities is CVE-2022-22972, a critical authentication bypass affecting VMware’s Workspace ONE Access, Identity Manager, and vRealize Automation solutions. The vulnerability...
Find, Fix, and Report OWASP Top 10 Vulnerabilities in InsightAppSec
With the release of the new 2021 OWASP Top 10 late last year, OWASP made some fundamental and impactful changes to its ubiquitous reference framework. We published a high-level breakdown of the changes, followed by some deep dives into specific types of threats that made the new Top 10. But the...
Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7
The Rapid7 InsightConnect Extension library is getting bigger! We’ve teamed up with IT operations platform, Automox, to release a new plugin and technology alliance that closes the aperture of attack for vulnerability findings and automates remediation. Using the Automox Plugin for Rapid7...
Metasploit Weekly Wrap-Up
Spring4Shell module Community contributor vleminator added a new module which exploits CVE-2022-22965—more commonly known as "Spring4Shell." Depending on its deployment configuration, Java Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older can be vulnerable to unauthenticated...
Update for CIS Google Cloud Platform Foundation Benchmarks - Version 1.3.0
The Center for Internet Security CIS recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0. Expanding on previous iterations, the update adds 21 new benchmarks covering best practices for securing Google Cloud environments. The updates were broa...
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...
[Security Nation] Jim O’Gorman and g0tmi1k on Kali Linux
!\Security Nation\ Jim O’Gorman and g0tmi1k on Kali Linuxhttps://blog.rapid7.com/content/images/2022/05/securitynationlogo--1-.jpg In this episode of Security Nation, Jen and Tod sit down with Jim O’Gorman and Ben “g0tmi1k” Wilson of Offensive Security to chat about Kali Linux. They walk our host...
Patch Tuesday - May 2022
This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows...
What's Changed for Cybersecurity in Banking and Finance: New Study
Cybersecurity in financial services is a complex picture. Not only has a range of new tech hit the industry in the last 5 years, but compliance requirements introduce another layer of difficulty to the lives of infosec teams in this sector. To add to this picture, the overall cybersecurity...
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory listing several vulnerabilities, including CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST with a CVSSv3 base score of 9.8. The vulnerability affects several different versions of BIG-IP prior to 17.0.0,...
[Infographic] Cloud Misconfigurations: Don't Become a Breach Statistic
!\Infographic\ Cloud Misconfigurations: Don't Become a Breach Statistichttps://blog.rapid7.com/content/images/2022/05/miconfigurations-infographic-clip2.jpg No one wants their company to be named in the latest headline-grabbing data breach. Luckily, there are steps you can take to keep your...
Metasploit Wrap-Up
VMware Workspace ONE Access RCE Community contributor wvu has developed a new Metasploit Module which exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI in VMware Workspace ONE Access, to execute shell commands as the ‘horizon’ user. This module has a CVSSv3 base scor...
Unsung Security Superheroes: You’re Now Sung
Get your copy of Rapid7’s first comic: XDR vs. Exploito. Available now! We’re all more connected than ever, and security practitioners keep everyone – governments, organizations, businesses, and 4.95 billion people – as safe as they can be. “XDR vs Exploito” isn’t “Dr. Strange and the Multiverse ...
XSS in JSON: Old-School Attacks for Modern Applications
I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...
Is Your Kubernetes Cluster Ready for Version 1.24?
Kubernetes rolled out Version 1.24 on May 3, 2022, as its first release of 2022. This version is packed with some notable improvements, as well as new and deprecated features. In this post, we will cover some of the more significant items on the list. The Dockershim removal The new release has...
MDR, MEDR, SOCaaS: Which Is Right for You?
Getting the most from managed services Even if a security team was given a blank check to spend whatever they wanted and hire however they wanted, it would still be a massive effort to build a detection and response D&R program tailored to that organization’s specific needs. Thankfully, the...
Cloud-Native Application Protection (CNAPP): What's Behind the Hype?
There's no shortage of acronyms when it comes to security product categories. DAST, EDR, CWPP — it sometimes feels like we're awash in a sea of letters, and that can be a little dizzying. Every once in a while, though, a new term pops up that cuts through the noise, thanks to a combination of...
Metasploit Wrap-Up
Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
On April 6, 2022, VMware published VMSA-2022-0011, which detailed multiple security vulnerabilities. The most severe of these is CVE-2022-22954, a critical remote code execution vulnerability affecting VMware’s Workspace ONE Access and Identity Manager solutions. The vulnerability arises from a...
[Security Nation] Whitney Merrill on the Crypto & Privacy Village (and the Latest in Data Privacy)
!\Security Nation\ Whitney Merrill on the Crypto & Privacy Village \and the Latest in Data Privacy\https://blog.rapid7.com/content/images/2022/04/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Whitney Merrill, Data Protection Officer at Asana, about her work on...
How to Strategically Scale Vendor Management and Supply Chain Security
This post is co-authored by Collin Huber Recent security events — particularly the threat actor activity from the Lapsu$ group, Spring4Shell, and various new supply-chain attacks — have the security community on high alert. Security professionals and network defenders around the world are wonderi...
Velociraptor Version 0.6.4: Dead Disk Forensics and Better Path Handling Let You Dig Deeper
Rapid7 is pleased to announce the release of Velociraptor version 0.6.4 – an advanced, open-source digital forensics and incident response DFIR tool that enhances visibility into your organization’s endpoints. This release has been in development and testing for several months now and has a lot o...
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464 , an unrestricted file upload vulnerability affecting various WSO2 products. WSO2 followed with a security advisory explaining the vulnerability allowed unauthenticated and remote attackers to execute arbitrary code in the following products: API...
Metasploit Weekly Wrap-Up
ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...
Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row
For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing DAST solution with container and cloud security, security...
2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends
Every year, Rapid7's team of cloud security experts and researchers put together a report to review data from publicly disclosed breaches that occurred over the prior year. The goal of this report is to unearth patterns and trends in cloud-related breaches and persistent exposures, so organizatio...
What's New in InsightVM and Nexpose: Q1 2022 in Review
The world of cybersecurity never has a dull moment. While we are still recovering from the aftermath of Log4Shell, the recent ContiLeaks exposed multiple vulnerabilities that have been exploited by the Conti ransomware group. It’s critical for your team to identify the risk posed by such...
Metasploit Weekly Wrap-Up
Meterpreter Debugging A consistent message Metasploit hears from users is that debugging and general logging support could be improved. The gaps in functionality make it difficult for users to understand what happens when things go wrong and for new and existing developers to fix bugs and add new...
Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle SDLC...
InsightCloudSec Supports the Recently Updated NSA/CISA Kubernetes Hardening Guide
The National Security Agency NSA and the Cybersecurity and Infrastructure Security Agency CISA recently updated their Kubernetes Hardening Guide, which was originally published in August 2021. With the help and feedback received from numerous partners in the cybersecurity community, this guide...
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, 2022, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122. The vulnerability allowed the admin user to execute arbitrary operating system commands and potentially allowed partially authenticated Active Directory users to execute arbitrary operating syst...
[Security Nation] Kate Stewart on Open-Source Projects at the Linux Foundation
!\Security Nation\ Kate Stewart on Open-Source Projects at the Linux Foundationhttps://blog.rapid7.com/content/images/2022/04/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the...
Patch Tuesday - April 2022
From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser. One of these has been observed being...
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache. The vulnerability allowed a local low-privileged user to execute arbitrary Powershell as SYSTEM due to improper file permission assignment CWE-732. Product description...
3 Ways InsightIDR Users Are Achieving XDR Outcomes
The buzz around extended detection and response XDR is often framed in the future tense — here's what it will be like when we can start bringing more sources of telemetry into our detections, or what will happen when we can use XDR to really start reducing false positives. But users of InsightIDR...
Metasploit Wrap-Up
Windows Local Privilege Escalation for standard users In this week’s release, we have an exciting new module that has been added by our very own Grant Willcox which exploits CVE-2022-26904, and allows for normal users to execute code as NT AUTHORITY/SYSTEM on Windows machines from Windows 7 up to...
7 Rapid Questions: Meet Adrian Stewart, Aspiring Pilot Turned Product Manager
Welcome back to 7 Rapid Questions, our blog series where we ask passionate leaders at Rapid7 how they’re challenging convention and making an impact. In this installment, we talk to Adrian Stewart, a product manager working on InsightAppSec, Rapid7’s dynamic application security testing DAST tool...
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
Dead-bugging — what is that, you ask? The concept comes from the idea that a memory chip, once it’s flipped over so you can attach wires to it, looks a little like a dead bug on its back. So why would we do this for the purposes of IoT hacking? The typical reason is if you want to extract the...