Russia/Ukraine Conflict: What Is Rapid7 Doing to Protect My Organization?
Rapid7 is monitoring the escalating conflict in Ukraine, and we have provided a blog on the various attack vectors organizations may see, as well as guidance on mitigations and remediations. To assist with your preparation and response efforts, Rapid7 is continuously integrating into our products...
Staying Secure in a Global Cyber Conflict
Now that Russia has begun its armed invasion of Ukraine, we should expect increasing risks of cybersecurity attacks and incidents, either as spillover from cyberattacks targeting Ukraine or direct attacks against actors supporting Ukraine. Any state-sponsored Russian attacks aiming to support the...
Demystifying XDR: How Curated Detections Filter Out the Noise
Extended detection and response (XDR) is, by nature, a forward-looking technology. By adding automation to human insight, XDR rethinks and redefines the work that has been traditionally ascribed to security information and event management (SIEM) and other well-defined, widely used tools within...
For Health Insurance Companies, Web Apps Can Be an Open Wound
At IntSights, a Rapid7 company, our goal is to ensure organizations everywhere understand the threats facing them in today's cyber landscape. With this in mind, we took a focused look at the insurance industry — a highly targeted vertical due to the amount of valuable data these organizations hol...
This CISO Isn’t Real, But His Problems Sure Are
In 2021, data breaches soared past 2020 levels. This year, it’s expected to be worse. The odds are stacked against this poor guy and you now – but a unified extended detection and response (XDR) and SIEM restacks them in your favor. Take a few minutes to check out this CISO’s day, and you’ll see ho...
Metasploit Weekly Wrap-Up
Nagios XI web shell upload module. New this week is a Nagios Web Shell Upload module from Rapid7's own Jake Baines, which exploits CVE-2021-37343. This module builds upon the existing Nagios XI scanner written by Erik Wynter. Versions of Nagios XI prior to 5.8.5 are vulnerable to a path traversal...
What's New in InsightVM and Nexpose: Q4 2021 in Review
Greetings, fellow security professionals. As we enter into the new year, we wanted to provide a recap of product releases and features on the vulnerability management (VM) front for Q4 2021. Let's start by talking about the elephant in the room. The end of last year was dominated by Log4Shell, the...
Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal
CVE-2021-44228 rules everything around us — or so it seemed, at least, for those breathless days in December 2021 when the full scope of Log4Shell was starting to take hold and security teams were strapped for time and resources as they scoured their organizations' environments for vulnerable...
Cloud Security and Compliance: The Ultimate Frenemies of Financial Services
Meeting compliance standards as a financial services (finserv) company can be incredibly time-consuming and expensive. Finserv has some of the highest regulatory bars to clear out of any industry — with the exception, perhaps, of healthcare. That said, these regulations exist for good reason. Even...
[Security Nation] Amit Serper on Finding Leaks in Autodiscover
In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover...
The Future of Finserv Security: Cloud Expert and Former CISO Anthony Johnson Weighs In
In today's increasingly mobile, fast-paced world, it's no surprise that financial services (finserv) organizations have a massive bullseye on their backs. The amount of personal data they access daily makes them an attractive target for those with malicious intent. In fact, the average cost of a da...
Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict
Update Feb 24, 2022: The situation in Ukraine has worsened since this blog post was first published, though our preparation advice remains the same. We will update the Rapid7 blog with a new post as events warrant. Tensions between Russia and Ukraine remain elevated, with a high degree of...
How InsightAppSec Detects Log4Shell: Your Questions Answered
If you’re reading this, that means you survived the year 2021, so congratulations! For everyone in the software industry, and especially those in cybersecurity, the past 12 months probably felt like 12 rounds in the ring. Remember the Solarwinds attack and the resulting scramble to mitigate suppl...
Dropping Files on a Domain Controller Using CVE-2021-43893
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting the Windows Encrypted File System (EFS). The vulnerability was credited to James Forshaw of Google Project Zero, but perhaps owing to the Log4Shell atmosphere,...
Metasploit Wrap-Up
Welcome, Little Hippo: PetitPotam. Our very own @zeroSteiner ported the PetitPotam exploit to Metasploit this week. This module leverages CVE-2021-36942, a vulnerability in the Windows Encrypting File System (EFS) API, to capture machine NTLM hashes. This uses the EfsRpcOpenFileRaw function of the...
The Forecast Is Flipped: How Rapid7 Is Flipping L&D for the Future of Work
The last 2 years have turned the world on its head, and now, companies across the globe are transitioning into a new normal. In this hybrid world, employee engagement is a moving target, the market is more competitive, and historical face-to-face teaching practices are no longer viable. Rapid7’s...
Evolving How We Share Rapid7 Research Data
In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common o...
Rapid7 Team Members Share Key Takeaways From AMP 2022
Each year, Rapid7 hosts AMP, our annual employee kickoff event where leaders from across the organization share their goals for the next 12 months. These goals bring us closer to achieving our mission of closing the security achievement gap. With the effects of COVID-19 still physically separatin...
Patch Tuesday - February 2022
Today’s fixes from Microsoft are relatively light as far as Patch Tuesdays go. This is the first month in possibly forever where no vulnerabilities are considered Critical. A total of 70 CVEs were fixed today including 22 that affect the Chromium browser engine, which is used by Edge. Although 16...
The Big Target on Cyber Insurers' Backs
Here at IntSights, a Rapid7 company, our goal is to equip organizations around the world with an understanding of the threats facing them in today's cyber threat landscape. Most recently, we took a focused look at the insurance industry — a highly targeted vertical due to the amount of personally...
Why Security in Kubernetes Isn't the Same as in Linux: Part 2
Security for Kubernetes might not be quite the same as what you're used to. In our previous article, we covered why security is so important in both Linux on-premises servers and cloud Kubernetes clusters. We also talked about 3 major aspects of Linux server security — processes, network, and fil...
Metasploit Wrap-Up
WordPress Exploitation Returns. What's life without a little WordPress exploitation? Courtesy of Hacker5preme aka Ron Jost and h00die, we now have an exploit for CVE-2021-24862, a bug in the RestorationMagic WordPress plugin prior to 5.0.1.6 whereby user input was not properly escaped in the...
7Rapid Questions With Our APAC Sales Manager, Soumi
For this installment of 7Rapid Questions, we sat down with Soumi Mukherjee, APAC Sales Manager - ANZ North Sales, to learn more about what drives her in her role at Rapid7. 1. Why did you join Rapid7? The truth is I joined for the people. I worked for a Rapid7 channel partner prior, and my...
Velociraptor Version 0.6.3: Dig Deeper With More Speed and Scalability
Rapid7 is very excited to announce the latest Velociraptor release 0.6.3. This release has been in the making for a few months now and has several exciting new features. Scalability and speed have been the main focus of development since our previous release. Working with some of our larger...
[Security Nation] John Rouffas on Building a Security Function
In this episode of Security Nation, Jen chats with John Rouffas, CISO at intelliflo, about his experience building out a security function and team at a young a...
Demystifying XDR: Where SIEM and XDR Collide
Innovations solve longstanding problems in creative, impactful ways — but they also raise new questions, especially when they're in the liminal space between being an emerging idea and a fully fledged, widely adopted reality. One of the still-unanswered questions about extended detection and...
2021 Cybersecurity Superlatives: An InsightIDR Year in Review
We laughed, we cried, we added over 750 new detections. It's been a rollercoaster of a year for everyone. So let's have some fun with our 2021 year in review — shall we? The last year was an exciting one for InsightIDR, Rapid7's industry-leading extended detection and response (XDR) and SIEM...
Metasploit Weekly Wrap-Up
I'm sure you know what's coming: more Log4Shell. For those wondering when the Log4Shell remediation nightmare will end, I'm afraid I can't give you that. What I can give you, though, is a new Log4Shell module! With the new module from zeroSteiner you can expect to get unauthenticated RCE on the...
Why Security in Kubernetes Isn't the Same as in Linux: Part 1
Kubernetes was first presented in 2014, and it almost entirely changed the way technological and even non-tech companies use infrastructure for running their applications. The Kubernetes platform still feels new and exciting — it has awesome features and can fit most use cases. But hackers find t...
How Ransomware Is Changing US Federal Policy
In past decades, attackers breaching systems and stealing sensitive information prompted a wave of regulations focused on consumer privacy and breach notification. The current surge in ransomware attacks is prompting a new wave of action from policymakers. Unlike the more abstract harms threatene...
The Great Resignation: 4 Ways Cybersecurity Can Win
Pandemics change everything. In the Middle Ages, the Black Death killed half of Europe’s population. It also killed off the feudal system of landowning lords exploiting laborer serfs. Rampant death caused an extreme labor shortage and forced the lords to pay wages. Eventually, serfs had bargainin...
Metasploit Weekly Wrap-Up
Image Credit: https://upload.wikimedia.org/wikipedia/commons/c/c7/Logs.jpg without change while j==shell; Log4j; The Log4j loop continues as we release a module targeting vulnerable vCenter releases. This is a good time to suggest that you check your vCenter releases and maybe even increase the...
Is the Internet of Things the Next Ransomware Target?
Ransomware attacks over the last couple years have been traumatic, impacting nearly every business sector and costing billions of dollars. The targets have mostly been our data: steal it, encrypt it, and then charge us a fee to get it back. Over the last several years, there's been concern across...
[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability
In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in...
Open-Source Security: Getting to the Root of the Problem
The past few weeks have shown us the importance and wide reach of open-source security. In December 2021, public disclosure of the Log4Shell vulnerability in Log4j, an open-source logging library, caused a cascade of dependency analysis by developers in organizations around the world. The inciden...
Active Exploitation of VMware Horizon Servers
This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...
2022 Planning: Metrics That Matter and Curtailing the Cobra Effect
During the British rule of India, the British government became concerned about the number of cobras in the city of Delhi. The ambitious bureaucrats came up with what they thought was the perfect solution, and they issued a bounty for cobra skins. The plan worked wonderfully at first, as cobra...
Metasploit Weekly Wrap-Up
Log4Shell goodness. Log4Shell made an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses...
7Rapid Questions: Stephen Donnelly
At Rapid7, there's no shortage of passionate leaders looking to challenge convention and make an impact. Our "7Rapid Questions" series is a way to highlight some of the amazing work taking place behind the scenes, and the exciting growth opportunities available in our global offices. For this...
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Evaluating MDR Vendors: A Pocket Buyer's Guide
Cyberthreats are now the No. 1 source of stress among CEOs, with 71% of respondents to PwC's 2021 CEO Study reporting they are "extremely concerned" about the issue. At the same time, the cybersecurity skills gap continues to grow, with 95% of security pros saying the shortage of talent in their...
A Quick Look at CES 2022
The first thing I noticed about CES this year was COVID’s impact on the event, which was more than just attendance size. A large amount of the technology focused on sanitation, everything from using light to sanitize surfaces on point-of-sale systems to hand-washing stations. When I attend events...
A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell
Ho, ho, holy cow — what a wild way to wrap up the year that was. Thousands of flights were cancelled during Christmas week, nearly every holiday party became a super-spreader event, and we lost a legend in Betty White. In our neck of the woods, Log4Shell has been dominating the conversation for...
Demystifying XDR: How Humans and Machines Join Forces in Threat Response
In our first post on demystifying the concepts and practices behind extended detection and response (XDR) technology, Forrester analyst Allie Mellen joined Sam Adams, Rapid7's VP for Detection and Response, to outline the basic framework for XDR and highlight the key outcomes it can help security...
Patch Tuesday - January 2022
The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior...
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices, which includes SMA 200, 210, 400, 410, and 500v. The most serious of these issues can lead to...
The 2021 Naughty and Nice Lists: Cybersecurity Edition
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale
This post is co-authored by Blake Cifelli, Senior Advisory Services Consultant. In today’s cybersecurity world, risks evolve faster than we can remediate them. To meet our goals and become resilient to these fast changes, we need the right balance of automation and human interaction. Enabling rap...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory. This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
What's New in Threat Intelligence: 2021 Year in Review
This post was originally published on the IntSights blog. Last year marked a huge milestone with the acquisition of IntSights by Rapid7. The IntSights team is very excited to join a company committed to simplifying and improving security outcomes for its customers. Rapid7's focus is a great...