
1723 matches found

Rapid7 Blog
added 2022/04/06 4:42 p.m., 15 views

The Forecast Is Flipped: Flipping L&D in New Hire Training

Rapid7’s onboarding program, Making the Band, first came to the stage in the fall of 2017 when the original 2-week, video-based program evolved into a dynamic 90-day experience. The updated program delivered learnings to new hires through digital self-paced content and a 2-day live training focus...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/04/06 1:48 p.m., 13 views

MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)

Last summer, Rapid7 acquired IntSights and its advanced external threat intelligence solution (now Threat Command by Rapid7). Threat Command monitors hundreds of thousands of sources across the clear, deep, and dark web, identifying malicious actors and notifying customers of potential attacks...

7.4 AI score
Exploits: 0

Rapid7 Blog
added 2022/04/05 3:45 p.m., 18 views

What's New in InsightIDR: Q1 2022 in Review

Introducing new InsightIDR capabilities to accelerate your detection and response program
When we talk to customers and security professionals about what they need more of in their security operations center (SOC), there is one consistent theme: time. InsightIDR — Rapid7's leading cloud SIEM and XD...

Exploits: 0

Rapid7 Blog
added 2022/04/05 12:15 p.m., 31 views

Security for All: How the Rapid7 Cybersecurity Foundation Will Expand Access and Inclusion

Rapid7’s mission is to advance cybersecurity for all — and an essential part of that effort is making the field and its best resources easier to access. That’s why we deliver solutions that meet the needs of large enterprises but can also be deployed and operated by more resource-constrained team...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/04/04 5:45 p.m., 29 views

Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity

Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem. This environment isn’t too different from the on-premise ecosystem that traditional penetration testing is performed on...

5 CVSS, 0.15102 EPSS
Exploits: 5

Rapid7 Blog
added 2022/04/04 1:28 p.m., 25 views

Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/04/01 10:26 p.m., 388 views

Securing Your Applications Against Spring4Shell (CVE-2022-22965)

The warm weather is starting to roll in, the birds are chirping, and Spring... well, Spring4Shell is making a timely entrance. If you’re still recovering from Log4Shell, we’re here to tell you you're not alone. While discovery and research of CVE-2022-22965 is evolving, Rapid7 is committed to...

7.5 CVSS, 0.2 AI score, 0.99677 EPSS
Exploits: 100

Rapid7 Blog
added 2022/04/01 6:34 p.m., 128 views

Metasploit Weekly Wrap-Up

CVE-2022-22963 - Spring Cloud Function SpEL RCE
A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell (CVE-2022-22965), whic...

7.5 CVSS, 1.3 AI score, 0.99939 EPSS
Exploits: 131

Rapid7 Blog
added 2022/04/01 2:42 p.m., 229 views

Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems

We have completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. We continue to monitor for new vulnerability instances and to remediate vulnerabilities on internally accessible...

7.5 CVSS, 1.9 AI score, 0.99939 EPSS
Exploits: 131

Rapid7 Blog
added 2022/03/31 7:59 p.m., 16 views

MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise

Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations. With this evaluation, our customers and the broader security community get a deeper understanding of how...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/31 3:41 p.m., 22 views

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2

This post is co-authored by Chris Henderson, Senior Director of Information Security at Datto, Inc. Welcome back for the second and final of our blogs on the fallacies and biases that perpetuate ransomware risk for SMBs. In part one, we examined how flawed thinking and a sense of helplessness are...

6.8 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/30 10:33 p.m., 339 views

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Rapid7 has completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post here. If yo...

9.3 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 477

Rapid7 Blog
added 2022/03/30 7:30 p.m., 18 views

[Security Nation] David Rogers on IoT Security Legislation

In this episode of Security Nation, Jen and Tod chat with David Rogers, CEO at Copper Horse Ltd., about the Product Security and Telecommunications Infrastructure PST...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/30 2:53 p.m., 15 views

Demystifying XDR: The Time for Implementation Is Now

In previous installments of our conversation with Forrester Analyst Allie Mellen on all things extended detection and response (XDR), she helped us understand not only the foundations of the product category and its relationship with security information and event management (SIEM), but also the role...

Exploits: 0

Rapid7 Blog
added 2022/03/29 5:31 p.m., 42 views

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

In part one of this series, we broke down the various types of cloud deployments. So, pentesting in the cloud is just like on-prem, right? Who asks these loaded questions!? The answer is yes and no. It depends on how a customer has set up their cloud deployment. Let’s cover a few basics first,...

8.4 AI score, 0.15102 EPSS
Exploits: 5

Rapid7 Blog
added 2022/03/29 1:29 p.m., 1087 views

CVE-2022-1026: Kyocera Net View Address Book Exposure

Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. This...

6 CVSS, 7.9 AI score, 0.80004 EPSS
Exploits: 12

Rapid7 Blog
added 2022/03/28 3:0 p.m., 26 views

Rapid7 Announces Partner of the Year Awards 2022 Winners

It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2022. All our category winners have achieved exceptional growth, demonstrating dedication and collaboration to the Rapid7 Partner Program throughout the year. We’re very proud to share our...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/28 12:30 p.m., 3502 views

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Every year, our research team at Rapid7 analyzes thousands of vulnerabilities to understand root causes, dispel misconceptions, and explain why some flaws are more likely to be exploited than others. By continuously reviewing the vulnerability landscape and sharing our research team’s insights, w...

9.3 CVSS, 0.3 AI score, 0.99999 EPSS
Exploits: 355

Rapid7 Blog
added 2022/03/25 7:25 p.m., 30 views

Metasploit Weekly Wrap-Up

Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the auxiliary/server/capture. Users can start and configure each of these modules individually,...

7.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/25 2:35 p.m., 18 views

The Digital Citizen’s Guide to Navigating Cyber Conflict

As security professionals, we are currently being bombarded with warnings and alerts of a heightened threat level due to the possibility that Russia will start to more aggressively leverage cyberattacks as part of their offensive. If you are feeling the pressure of getting everything done, check...

7.3 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/24 5:56 p.m., 9 views

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1

This post is co-authored by Chris Henderson, Senior Director of Information Security at Datto, Inc. Ransomware has focused on big-game hunting of large enterprises in the past years, and those events often make the headlines. The risk can be even more serious for small and medium-sized businesses...

Exploits: 0

Rapid7 Blog
added 2022/03/24 2:54 p.m., 12 views

Reflecting on Women’s History Month at Rapid7

During Women’s History Month, we invited some of our team members to share their best advice for other women in technology, celebrate their strengths, and reflect on how they’ve challenged convention within their roles and built their networks. What is the best advice that someone has given you i...

6.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/23 6:34 p.m., 20 views

SIEM and XDR: What’s Converging, What’s Not

Let’s start with the conclusion: Security incident and event management (SIEM) isn’t going anywhere anytime soon. Today, most security analysts are using their SIEMs for detection and response, making it the core tool within the security operations center (SOC). SIEM aggregates and monitors critical...

7.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/23 1:49 p.m., 24 views

Rapid7 Recognized as Top Ranked in Current Offering Category in Forrester Wave™ for Cloud Workload Security

The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. But the speed of those changes, combined with the increased volume and complexity of resources in cloud environments, often forces...

7.3 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/22 3:44 p.m., 16 views

8 Tips for Securing Networks When Time Is Scarce

"At this particular mobile army hospital, we're not concerned with the ultimate reconstruction of the patient. We only care about getting the kid out of here alive enough for someone else to put on the fine touches. We work fast and we're not dainty, because a lot of these kids who can stand 2...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/21 2:32 p.m., 88 views

Cloud Pentesting, Pt. 1: Breaking Down the Basics

The concept of cloud computing has been around for awhile, but it seems like as of late — at least in the penetration testing field — more and more customers are looking to get a pentest done in their cloud deployment. What does that mean? How does that look? What can be tested, and what’s out of...

6 CVSS, 8.4 AI score, 0.06615 EPSS
Exploits: 3

Rapid7 Blog
added 2022/03/18 5:38 p.m., 457 views

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool
Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...

7.5 CVSS, 0.5 AI score, 0.99718 EPSS
Exploits: 32

Rapid7 Blog
added 2022/03/17 2:4 p.m., 22 views

3 Ways InsightIDR Customers Leverage the MITRE ATT&CK Framework

The MITRE ATT&CK framework is one of the most comprehensive and reputable knowledge bases of known adversary tactics, pragmatic mitigation strategies, and prudent detection recommendations available today. ATT&CK is freely available and widely used by defenders in industry and government to find...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/16 11:45 p.m., 18 views

[Security Nation] Bob Lord on Securing the DNC

In this episode of Security Nation, Jen and Tod chat with Bob Lord, recently the Chief Security Officer for the Democratic National Committee, about the unique challenges of...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/16 2:13 p.m., 28 views

The VM Lifecycle: How We Got Here, and Where We’re Going

Written in collaboration with Joel Ashman
The immutable truth that vulnerability management (VM) programs have long adhered to is that successful programs should follow a consistent lifecycle. This concept is simply a series of phases or steps that have a logical sequence and are repeated according...

7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/15 8:10 p.m., 18 views

Cybercriminals’ Recruiting Effort Highlights Need for Proper User Access Controls

The Lapsus$ ransomware gang’s modus operandi seems to be evolving. Following the recent data breaches of Nvidia and Samsung, on March 10, 2022, the Lapsus$ ransomware gang posted a message on their Telegram channel claiming that they were looking to recruit employees/insiders of companies in the...

7.8 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/15 3:56 p.m., 96 views

InsightVM Scanning: Demystifying SSH Credential Elevation

Written in collaboration with Jimmy Cancilla
The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...

1.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/14 2:5 p.m., 13 views

An Inside Look at CISA’s Supply Chain Task Force

When one mentions supply chains these days, we tend to think of microchips from China causing delays in automobile manufacturing or toilet paper disappearing from store shelves. Sure, there are some chips in the communications infrastructure, but the cyber supply chain is mostly about virtual...

6.9 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/11 8:26 p.m., 151 views

Metasploit Weekly Wrap-Up

Mucking out the pipes. Thanks to some quick work by timwr, CVE-2022-0847 aka "Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit targeting modern Linux v5 kernels helps elevate user privileges by overwriting a SUID binary of your choice by plunging some payload gold...

9 CVSS, 9 AI score, 0.96182 EPSS
Exploits: 275

Rapid7 Blog
added 2022/03/11 4:23 p.m., 27 views

Run Faster Log Searches With InsightIDR

While it could be true that life is more about seeking than finding, log searches are all about getting results. You need to get the right data back as quickly as possible. In this blog, let’s explore how to make the best use of InsightIDR’s Log Search capabilities to get the correct data returne...

6.4 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/10 8:47 p.m., 23 views

7 Rapid Questions: Growing From BDR to Commercial Sales Manager With Maria Loughrey

Welcome back to 7 Rapid Questions, our blog series where we hear about the great work happening at Rapid7 from the people who are doing it across our global offices. For this installment, we sat down with Maria Loughrey, Commercial Sales Manager for the UK and Ireland at our Reading, UK office...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/10 4:6 p.m., 12 views

New US Law to Require Cyber Incident Reports

The US Congress is poised to pass the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Once signed by the President, it will become law. The law will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. The legislation was...

0.2 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/09 10:25 p.m., 176 views

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

CVE | Disclosure | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update
---|---|---|---|---|---
CVE-2022-0847 | Original disclosure | AttackerKB | March 10, 2022 | When practical | March 10, 2022 3:21 PM EST

On March 7, 2022, CM4all security researcher Max Kellermann published technic...

7.2 CVSS, 1.2 AI score, 0.88106 EPSS
Exploits: 100

Rapid7 Blog
added 2022/03/09 5:6 p.m., 109 views

3 Reasons to Join Rapid7’s Cloud Security Summit

The world of the cloud never stops moving — so neither can cloud security. In the face of rapidly evolving technology and a constantly changing threat landscape, keeping up with all the latest developments, trends, and best practices in this emerging practice is more vital than ever. Enter Rapid7...

9.3 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 348

Rapid7 Blog
added 2022/03/08 9:8 p.m., 153 views

Patch Tuesday - March 2022

Microsoft's March 2022 updates include fixes for 92 CVEs including 21 from the Chromium project, which is used by their Edge web browser. None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and...

9 CVSS, 1.4 AI score, 0.56376 EPSS
Exploits: 5

Rapid7 Blog
added 2022/03/07 4:53 p.m., 271 views

InsightVM Scan Engine: Understanding MAC Address Discovery

Written in collaboration with Jimmy Cancilla
When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection. The MAC address is one of several attributes used by the Security Console to perform asset...

6 CVSS, 0.8 AI score, 0.06615 EPSS
Exploits: 3

Rapid7 Blog
added 2022/03/04 9:52 p.m., 285 views

Metasploit Weekly Wrap-Up

This week’s Metasploit Framework release brings us seven new modules.
IP Camera Exploitation
Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an...

9.3 CVSS, 0.99869 EPSS
Exploits: 214

Rapid7 Blog
added 2022/03/04 5:0 p.m., 9 views

Graph Analysis of the Conti Ransomware Group Internal Chats

We were presented with a remarkably rich source of intelligence with the leaked communications from the Conti ransomware group. It’s a compelling and insightful read. The leaked information contains details on messages, including information on timestamps, sender, receiver, and the actual body of...

6.7 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/04 2:30 p.m., 286 views

Russia-Ukraine Cybersecurity Updates

Cyberattacks are a distinct concern in the Russia-Ukraine conflict, with the potential to impact individuals and organizations far beyond the physical frontlines. With events unfolding rapidly, we want to provide a single channel by which we can communicate to the security community the major...

9.3 CVSS, 0.4 AI score, 0.99759 EPSS
Exploits: 75

Rapid7 Blog
added 2022/03/03 10:53 p.m., 481 views

The Top 5 Russian Cyber Threat Actors to Watch

This post was updated on March 10, 2022 to include a section on the Conti Ransomware Group. As we continue to monitor the situation between Russia and Ukraine – and the potential for global cybersecurity impacts – we realize that our customers and other business and industry stakeholders may be...

9.3 CVSS, 0.4 AI score, 0.81628 EPSS
Exploits: 22

Rapid7 Blog
added 2022/03/03 5:1 p.m., 111 views

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor." The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication chec...

5.7 AI score, 0.80004 EPSS
Exploits: 4

Rapid7 Blog
added 2022/03/03 1:1 p.m., 32 views

[Security Nation] Matthew Kienow on Open-Source Security and the Recog Framework

In this episode of Security Nation, Jen and Tod chat with Matthew Kienow, Senior Software Engineer at Rapid7, about open-source security – a subje...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/02 5:29 p.m., 30 views

InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production

We've all been there. The software development life cycle (SDLC) is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2022/03/01 7:15 p.m., 1514 views

Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict

UPDATE: As of March 2, 2022, Conti began taking down exposed infrastructure as a result of the chat disclosure. At that time, we assessed that due to their sophisticated capability, deep funding, and quick recovery from exposed infrastructure in November 2021, they remained an active and...

10 CVSS, 9.6 AI score, 0.99999 EPSS
Exploits: 566

Rapid7 Blog
added 2022/02/25 9:48 p.m., 240 views

Metasploit Weekly Wrap-Up

Exchange RCE
Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...

6.5 CVSS, 9.1 AI score, 0.90388 EPSS
Exploits: 9

Total number of security vulnerabilities: 1723