The Forecast Is Flipped: Flipping L&D in New Hire Training
Rapid7’s onboarding program, Making the Band, first came to the stage in the fall of 2017 when the original 2-week, video-based program evolved into a dynamic 90-day experience. The updated program delivered learnings to new hires through digital self-paced content and a 2-day live training focus...
MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)
Last summer, Rapid7 acquired IntSights, and its advanced external threat intelligence solution is now Threat Command by Rapid7. Threat Command monitors hundreds of thousands of sources across the clear, deep, and dark web, identifying malicious actors and notifying customers of potential attacks...
What's New in InsightIDR: Q1 2022 in Review
Introducing new InsightIDR capabilities to accelerate your detection and response program. When we talk to customers and security professionals about what they need more of in their security operations center (SOC), there is one consistent theme: time. InsightIDR — Rapid7's leading cloud SIEM and XD...
Security for All: How the Rapid7 Cybersecurity Foundation Will Expand Access and Inclusion
Rapid7’s mission is to advance cybersecurity for all — and an essential part of that effort is making the field and its best resources easier to access. That’s why we deliver solutions that meet the needs of large enterprises but can also be deployed and operated by more resource-constrained team...
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem. This environment isn’t too different from the on-premises ecosystem that traditional penetration testing is performed on...
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...
Securing Your Applications Against Spring4Shell (CVE-2022-22965)
The warm weather is starting to roll in, the birds are chirping, and Spring... well, Spring4Shell is making a timely entrance. If you’re still recovering from Log4Shell, we’re here to tell you you're not alone. While discovery and research of CVE-2022-22965 is evolving, Rapid7 is committed to...
Metasploit Weekly Wrap-Up
CVE-2022-22963 - Spring Cloud Function SpEL RCE: A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965, whic...
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have completed remediating the instances of Spring4Shell CVE-2022-22965 and Spring Cloud CVE-2022-22963 vulnerabilities that we found on our internet-facing services and systems. We continue to monitor for new vulnerability instances and to remediate vulnerabilities on internally accessible...
MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise
Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations. With this evaluation, our customers and the broader security community get a deeper understanding of how...
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2
This post is co-authored by Chris Henderson, Senior Director of Information Security at Datto, Inc. Welcome back for the second and final of our blogs on the fallacies and biases that perpetuate ransomware risk for SMBs. In part one, we examined how flawed thinking and a sense of helplessness are...
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 has completed remediating the instances of Spring4Shell CVE-2022-22965 and Spring Cloud CVE-2022-22963 vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post here. If yo...
[Security Nation] David Rogers on IoT Security Legislation
In this episode of Security Nation, Jen and Tod chat with David Rogers, CEO at Copper Horse Ltd., about the Product Security and Telecommunications Infrastructure PST...
Demystifying XDR: The Time for Implementation Is Now
In previous installments of our conversation with Forrester Analyst Allie Mellen on all things extended detection and response (XDR), she helped us understand not only the foundations of the product category and its relationship with security information and event management (SIEM), but also the role...
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
In part one of this series, we broke down the various types of cloud deployments. So, pentesting in the cloud is just like on-prem, right? Who asks these loaded questions!? The answer is yes and no. It depends on how a customer has set up their cloud deployment. Let’s cover a few basics first,...
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. This...
Rapid7 Announces Partner of the Year Awards 2022 Winners
It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2022. All our category winners have achieved exceptional growth, demonstrating dedication and collaboration to the Rapid7 Partner Program throughout the year. We’re very proud to share our...
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Every year, our research team at Rapid7 analyzes thousands of vulnerabilities to understand root causes, dispel misconceptions, and explain why some flaws are more likely to be exploited than others. By continuously reviewing the vulnerability landscape and sharing our research team’s insights, w...
Metasploit Weekly Wrap-Up
Capture Plugin: Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules, all under auxiliary/server/capture. Users can start and configure each of these modules individually,...
The Digital Citizen’s Guide to Navigating Cyber Conflict
As security professionals, we are currently being bombarded with warnings and alerts of a heightened threat level due to the possibility that Russia will start to more aggressively leverage cyberattacks as part of their offensive. If you are feeling the pressure of getting everything done, check...
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1
This post is co-authored by Chris Henderson, Senior Director of Information Security at Datto, Inc. Ransomware has focused on big-game hunting of large enterprises in the past years, and those events often make the headlines. The risk can be even more serious for small and medium-sized businesses...
Reflecting on Women’s History Month at Rapid7
During Women’s History Month, we invited some of our team members to share their best advice for other women in technology, celebrate their strengths, and reflect on how they’ve challenged convention within their roles and built their networks. What is the best advice that someone has given you i...
SIEM and XDR: What’s Converging, What’s Not
Let’s start with the conclusion: Security information and event management (SIEM) isn’t going anywhere anytime soon. Today, most security analysts are using their SIEMs for detection and response, making it the core tool within the security operations center (SOC). SIEM aggregates and monitors critical...
Rapid7 Recognized as Top Ranked in Current Offering Category in Forrester Wave™ for Cloud Workload Security
The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. But the speed of those changes, combined with the increased volume and complexity of resources in cloud environments, often forces...
8 Tips for Securing Networks When Time Is Scarce
"At this particular mobile army hospital, we're not concerned with the ultimate reconstruction of the patient. We only care about getting the kid out of here alive enough for someone else to put on the fine touches. We work fast and we're not dainty, because a lot of these kids who can stand 2...
Cloud Pentesting, Pt. 1: Breaking Down the Basics
The concept of cloud computing has been around for a while, but it seems like as of late — at least in the penetration testing field — more and more customers are looking to get a pentest done in their cloud deployment. What does that mean? How does that look? What can be tested, and what’s out of...
Metasploit Weekly Wrap-Up
CVE-2022-21999 - SpoolFool: Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...
3 Ways InsightIDR Customers Leverage the MITRE ATT&CK Framework
The MITRE ATT&CK framework is one of the most comprehensive and reputable knowledge bases of known adversary tactics, pragmatic mitigation strategies, and prudent detection recommendations available today. ATT&CK is freely available and widely used by defenders in industry and government to find...
[Security Nation] Bob Lord on Securing the DNC
In this episode of Security Nation, Jen and Tod chat with Bob Lord, recently the Chief Security Officer for the Democratic National Committee, about the unique challenges of...
The VM Lifecycle: How We Got Here, and Where We’re Going
Written in collaboration with Joel Ashman. The immutable truth that vulnerability management (VM) programs have long adhered to is that successful programs should follow a consistent lifecycle. This concept is simply a series of phases or steps that have a logical sequence and are repeated according...
Cybercriminals’ Recruiting Effort Highlights Need for Proper User Access Controls
The Lapsus$ extortion gang’s modus operandi seems to be evolving. Following the recent data breaches of Nvidia and Samsung, on March 10, 2022, the group posted a message on their Telegram channel claiming that they were looking to recruit employees/insiders of companies in the...
InsightVM Scanning: Demystifying SSH Credential Elevation
Written in collaboration with Jimmy Cancilla. The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...
An Inside Look at CISA’s Supply Chain Task Force
When one mentions supply chains these days, we tend to think of microchips from China causing delays in automobile manufacturing or toilet paper disappearing from store shelves. Sure, there are some chips in the communications infrastructure, but the cyber supply chain is mostly about virtual...
Metasploit Weekly Wrap-Up
Mucking out the pipes. Thanks to some quick work by timwr, CVE-2022-0847 aka "Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit targeting modern Linux v5 kernels helps elevate user privileges by overwriting a SUID binary of your choice by plunging some payload gold...
Run Faster Log Searches With InsightIDR
While it could be true that life is more about seeking than finding, log searches are all about getting results. You need to get the right data back as quickly as possible. In this blog, let’s explore how to make the best use of InsightIDR’s Log Search capabilities to get the correct data returne...
7 Rapid Questions: Growing From BDR to Commercial Sales Manager With Maria Loughrey
Welcome back to 7 Rapid Questions, our blog series where we hear about the great work happening at Rapid7 from the people who are doing it across our global offices. For this installment, we sat down with Maria Loughrey, Commercial Sales Manager for the UK and Ireland at our Reading, UK office...
New US Law to Require Cyber Incident Reports
The US Congress is poised to pass the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Once signed by the President, it will become law. The law will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. The legislation was...
CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel
CVE | Disclosure | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update
---|---|---|---|---|---
CVE-2022-0847 | Original disclosure | AttackerKB | March 10, 2022 | When practical | March 10, 2022 3:21 PM EST

On March 7, 2022, CM4all security researcher Max Kellermann published technic...
3 Reasons to Join Rapid7’s Cloud Security Summit
The world of the cloud never stops moving — so neither can cloud security. In the face of rapidly evolving technology and a constantly changing threat landscape, keeping up with all the latest developments, trends, and best practices in this emerging practice is more vital than ever. Enter Rapid7...
Patch Tuesday - March 2022
Microsoft's March 2022 updates include fixes for 92 CVEs including 21 from the Chromium project, which is used by their Edge web browser. None of them have been seen exploited in the wild, but three have been previously disclosed. CVE-2022-24512, affecting .NET and Visual Studio, and...
InsightVM Scan Engine: Understanding MAC Address Discovery
Written in collaboration with Jimmy Cancilla. When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection. The MAC address is one of several attributes used by the Security Console to perform asset...
Metasploit Weekly Wrap-Up
This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation: Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an...
Graph Analysis of the Conti Ransomware Group Internal Chats
We were presented with a remarkably rich source of intelligence with the leaked communications from the Conti ransomware group. It’s a compelling and insightful read. The leaked information contains details on messages, including information on timestamps, sender, receiver, and the actual body of...
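As an added illustration (not code from the Rapid7 post), the following builds the kind of sender-to-receiver graph that the four fields listed above (timestamp, sender, receiver, body) make possible. The message records, the handles, and the helper names are constructed for this example; nothing here is derived from the actual leaked chats.

```python
"""Added example: a sender->receiver message graph from chat records.

Illustrative code written for this page, not Rapid7's analysis tooling.
Record layout (timestamp, sender, receiver, body) follows the fields the
post lists; the sample messages below are constructed, not leaked data.
"""
from collections import Counter
from datetime import datetime

# Constructed sample records with hypothetical handles (not real chat data).
SAMPLE_MESSAGES = [
    {"ts": "2021-07-01T09:12:00", "from": "alpha", "to": "bravo", "body": "status on the build?"},
    {"ts": "2021-07-01T09:15:00", "from": "bravo", "to": "alpha", "body": "almost done"},
    {"ts": "2021-07-01T10:02:00", "from": "alpha", "to": "charlie", "body": "need infra by friday"},
    {"ts": "2021-07-02T11:30:00", "from": "charlie", "to": "alpha", "body": "servers ready"},
    {"ts": "2021-07-02T12:00:00", "from": "alpha", "to": "bravo", "body": "ping"},
    {"ts": "2021-07-03T08:45:00", "from": "delta", "to": "alpha", "body": "payment question"},
]


def build_graph(messages):
    """Directed, weighted edges: (sender, receiver) -> number of messages."""
    edges = Counter()
    for m in messages:
        edges[(m["from"], m["to"])] += 1
    return edges


def degrees(edges):
    """Weighted out-degree (messages sent) and in-degree (messages received)."""
    out_deg, in_deg = Counter(), Counter()
    for (src, dst), n in edges.items():
        out_deg[src] += n
        in_deg[dst] += n
    return out_deg, in_deg


def top_pairs(edges, k=3):
    """Most active directed pairs, a cheap proxy for working relationships."""
    return edges.most_common(k)


def messages_between(messages, start, end):
    """Records whose ISO-8601 timestamp falls inside [start, end]."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [m for m in messages if lo <= datetime.fromisoformat(m["ts"]) <= hi]


def hub(messages):
    """Handle with the highest total traffic (sent + received)."""
    out_deg, in_deg = degrees(build_graph(messages))
    total = out_deg + in_deg  # Counter addition sums counts per key
    return total.most_common(1)[0][0]


if __name__ == "__main__":
    g = build_graph(SAMPLE_MESSAGES)
    out_deg, in_deg = degrees(g)
    print("edges:", dict(g))
    print("sent:", dict(out_deg), "received:", dict(in_deg))
    print("top pairs:", top_pairs(g))
    print("hub:", hub(SAMPLE_MESSAGES))
    day2 = messages_between(SAMPLE_MESSAGES, "2021-07-02T00:00:00", "2021-07-02T23:59:59")
    print("messages on 2021-07-02:", len(day2))
```

Degree and edge weight are the simplest centrality signals; on a real corpus the time-window filter is what lets you compare who talks to whom before and after an event such as an infrastructure takedown.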
Russia-Ukraine Cybersecurity Updates
Cyberattacks are a distinct concern in the Russia-Ukraine conflict, with the potential to impact individuals and organizations far beyond the physical frontlines. With events unfolding rapidly, we want to provide a single channel by which we can communicate to the security community the major...
The Top 5 Russian Cyber Threat Actors to Watch
This post was updated on March 10, 2022 to include a section on the Conti Ransomware Group. As we continue to monitor the situation between Russia and Ukraine – and the potential for global cybersecurity impacts – we realize that our customers and other business and industry stakeholders may be...
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor." The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication chec...
[Security Nation] Matthew Kienow on Open-Source Security and the Recog Framework
In this episode of Security Nation, Jen and Tod chat with Matthew Kienow, Senior Software Engineer at Rapid7, about open-source security – a subje...
InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production
We've all been there. The software development life cycle (SDLC) is moving at a mile a minute. Developers are writing code, updating features, and all the while attempting to keep everything introduced into production as safe and secure as possible. GitHub Actions are essential to automation and...
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
UPDATE: As of March 2, 2022, Conti began taking down exposed infrastructure as a result of the chat disclosure. At that time, we assessed that due to their sophisticated capability, deep funding, and quick recovery from exposed infrastructure in November 2021, they remained an active and...
Metasploit Weekly Wrap-Up
Exchange RCE: Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange Server 2016 and Server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...