What's New in Threat Intelligence: 2021 Year in Review
This post was originally published on the IntSights blog. Last year marked a huge milestone with the acquisition of IntSights by Rapid7. The IntSights team is very excited to join a company committed to simplifying and improving security outcomes for its customers. Rapid7's focus is a great...
What's New in InsightIDR: Q4 2021 in Review
More context and customization around detections and investigations, expanded dashboard capabilities, and more. This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response (XDR) solution, from Q4 2021. Over the past quarter, we delivered updates ...
2022 Cybersecurity Predictions: The Experts Clear Off the Crystal Ball
As we walk through the doorway of 2022, it's hard not to wish at least some among us had the gift of cosmic foresight. Many (most?) of the questions we thought in 2021 that we'd have answered by this point — chief among them, when will COVID finally leave us alone??? — still seem to elude us. In...
Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors
Now that 2022 is fully underway, it's time to wrap up some of the milestones that Rapid7 achieved in 2021. We worked harder than ever last year to help protectors keep their organization's infrastructure secure — even in the face of some of the most difficult threats the security community has...
Metasploit 2021 Annual Wrap-Up
As 2022 kicks off, we now have another year in the books. Like years past, 2021 brought some surprises and had its share of celebrity vulnerabilities and recurring trends. Let’s highlight some statistics! Quick stats 651 merged pull requests from 113 users 184 new modules 102 exploits, 45 post, 3...
5 Security Projects That Are Giving Back
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Test for Log4Shell With InsightAppSec Using New Functionality
We can all agree at this point that the Log4Shell vulnerability CVE-2021-44228 can rightfully be categorized as a celebrity vulnerability. Security teams have been working around the clock investigating whether they have instances of Log4j in their environment. You are likely very familiar with...
Metasploit Wrap-Up
Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228, which allow JNDI features to be used in configuration, log messages, and parameters, do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This module will scan an HTTP endpoint for the...
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
If you work in security, the chances are that you have spent the last several days urgently responding to the Log4Shell vulnerability CVE-2021-44228, investigating where you have instances of Log4j in your environment, and questioning your vendors about their response. You have likely already rea...
How to Protect Your Applications Against Log4Shell With tCell
By now, we’re sure you’re familiar with all things Log4Shell – but we want to make sure we share how to protect your applications. Applications are a critical part of any organization’s attack surface, and we’re seeing thousands of Log4Shell attack attempts in our customers' environments every...
Patch Tuesday - December 2021
This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228. In today’s security release, Microsoft issued fixes for 83 vulnerabilities across an array of products — including a fix for Windows Defender for IoT, which is vulnerable to CVE-2021-44228...
Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations
It's been a long few days as organizations' security teams have worked to map, quantify, and mitigate the immense risk presented by the Log4Shell vulnerability within Log4j. As can be imagined, cybercriminals are working overtime as well, as they seek out ways to exploit this vulnerability. Need...
Using InsightVM to Find Apache Log4j CVE-2021-44228
There are many methods InsightVM can use to identify vulnerable software. Which method is best depends on the software and specific vulnerability in question, not to mention variability that comes into play with differing network topologies and Scan Engine deployment strategies. When it comes to ...
Update on Log4Shell’s Impact on Rapid7 Solutions and Systems
Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s Log4j Java library (a.k.a. Log4Shell). We have been continuously monitoring for Log4Shell exploit attempts in our environment and have been urgently...
Hacky Holidays: Celebrating the Best of Security Nation [Video]
Most of us allow ourselves a few extra indulgences around the holidays — so despite my best editorial sensibilities, I'm letting myself indulge here in a...
Driver-Based Attacks: Past and Present
"People that write Ring 0 code and write it badly are a danger to society." - Mickey Shkatov There is no security boundary between an administrator and the Windows kernel, according to the Microsoft Security Servicing Criteria for Windows. In our analysis of CVE-2021-21551, a write-what-where...
Metasploit Wrap-Up
Word and JavaScript are a rare duo. Thanks to thesunRider, you too can experience the wonder of this mystical duo. The sole new Metasploit module this release adds a file format attack to generate a very special document. By utilizing JavaScript embedded in a Word document to trigger a chain of...
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
Table of Contents Overview Affected versions Mitigation and detection guidance Rapid7 customers InsightVM and Nexpose InsightIDR and Managed Detection and Response Velociraptor tCell InsightCloudSec IntSights Attacks and campaigns External resources Updates Need clarity on detecting and mitigatin...
Stay Ahead of Threats With Cloud Workload Protection
When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends to runtime protection. Cloud workload protection (CWP) helps make that goal possible by bringing major structural changes to software development...
2022 Planning: Simplifying Complex Cybersecurity Regulations
Compliance does not equal security, but it’s also true that a strong cybersecurity program meets many compliance obligations. How can we communicate industry regulatory requirements in a more straightforward way that enhances understanding while saving time and effort? How can we more easily...
A Dream Team-Up: Integrate InsightAppSec With ServiceNow ITSM
At Rapid7, we are constantly improving InsightAppSec and tCell with the goal of making our customers' lives easier. Over the last few months alone, we've improved the way your team structures permissions, integrated with Microsoft's .Net 6.0, and automated authentication to make scan after scan...
Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices
Summary On December 7, 2021, SonicWall released a security advisory that includes patching guidance for five vulnerabilities in SonicWall SMA 100 series devices that were discovered by Rapid7, including CVE-2021-20038 (rated CVSSv3 9.8, critical), as well as several other CVEs discovered by...
Demystifying XDR: A Forrester Analyst Lays the Foundation
Extended detection and response (XDR) is no longer a future state in cybersecurity practice — it's a full-fledged reality for some. In fact, it's been a thing for a lot longer than you might think. Still, XDR is new vocabulary for many security operations center (SOC) teams, and the contours of this...
Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update
---|---|---|---|---|---
CVE-2021-44077 | Zoho's Advisory | AttackerKB | In Development | Immediately | December 9, 1:30pm ET

Summary Zoho customers have had a huge incentive lately to keep their software up to date,...
3 Strategies That Are More Productive Than Hack Back
2021 has been a banner year in terms of the frequency and diversity of cybersecurity breaking news events, with ransomware being the clear headline-winner. While the DarkSide group (now, in theory, retired) may have captured the spotlight early in the year due to the Colonial Pipeline attack, REvil...
Congrats to the Winners of the 2021 Metasploit Community CTF
Thanks to everyone who participated in this year’s Metasploit community CTF! Like last year, this CTF ran over the past 4 days and invited community members to solve a series of challenges. This year saw 1,501 users registered across 727 teams. If you participated in the CTF, we have a feedback...
Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud
Cloud and container technologies are being increasingly embraced by organizations around the globe because of the efficiency, superior visibility, and control they provide to DevOps and IT teams. While DevOps teams see the benefits of cloud and container solutions, these tools create a learning...
InsightCloudSec Supports 12 New AWS Services Announced at re:Invent
In case you didn’t hear, Amazon hosted AWS re:Invent in Las Vegas last week. As has come to be expected at the annual mega-event, Amazon made a number of huge announcements and launched a significant number of improvements and brand-new services and settings to enhance their public cloud platform...
Metasploit Wrap-Up
Metasploit CTF 2021 starts today It’s that time of year again! Time for the 2021 Metasploit Community CTF. Earlier today over 1,100 users in more than 530 teams were registered and opened for participation to solve this year’s 18 challenges. Next week a recap and the winners will be announced, so...
Hacky Holidays From Rapid7! Announcing Our New Festive Blog Series
The holiday season often inspires reflection on the year coming to a close — but with the new year approaching, this season can also signal the opportunity for a fresh start. In that spirit, we're announcing a refreshed theme and approach to our annual holiday blog series: Hacky Holidays! While...
OWASP Top 10 Deep Dive: Identification and Authentication Failures
In the 2021 edition of the OWASP top 10 list, Broken Authentication was changed to Identification and Authentication Failures. This term bundles in a number of existing items like cryptography failures, session fixation, default login credentials, and brute-forcing access. Additionally, this...
Ongoing Exploitation of Windows Installer CVE-2021-41379
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update
---|---|---|---|---|---
CVE-2021-41379 | Microsoft Advisory | AttackerKB | Scheduled when patched | ASAP when released | December 3, 2021 3:00 PM ET

See the Updates section at the end of this post for new informatio...
Active Exploitation of Apache HTTP Server CVE-2021-40438
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update
---|---|---|---|---|---
CVE-2021-40438 | Apache Advisory | AttackerKB | 09/16/2021 (multiple) | ASAP | December 1, 2021 14:00 ET

On September 16, 2021, Apache released version 2.4.49 of HTTP Server, which included a f...
Metasploit Wrap-Up
Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API...
[Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)
In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-hos...
OWASP Top 10 Deep Dive: Defending Against Server-Side Request Forgery
Web applications are no longer just assets to a company — they’re an organization’s identity, playing a major role in how customers, clients, and users see a brand. Due to this importance, web apps have also become a primary target for attack. Over the years, these applications have grown more...
The End of the Cybersecurity Skills Crisis (Maybe?)
In just 4 years, you can learn to be fluent in Mandarin. In 2 years, NASA can get you through astronaut training. But the cybersecurity skills gap? It's dire and dead-stuck in its fifth straight year of zero progress. Globally, 3.5 million cybersecurity jobs remain unfilled, and of those candidat...
Metasploit Wrap-Up
Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...
2022 Planning: A First-Year CISO Shares Her Point of View
When you're planning for the year ahead in cybersecurity, there's always part of you that's trying to play fortune-teller. You know what risks matter now, and the processes and resources you need to respond to them, but what threats might emerge over the coming 12 months — or 12 weeks, for that...
Make Room for Cloud Security in Your 2022 Budget
Are you thinking about cloud security when making your 2022 budget? You should be. Cloud is the key to innovation and business transformation. It can make life so much easier. The cloud enables companies to expand their products or services, rapidly develop new products, and reach new customers. ...
Distribute Reports to Email Addresses in InsightVM
Rapid7 is investing heavily in the reporting and dashboard capabilities of InsightVM. In 2021 alone, we launched the ability to filter dashboards via single query, a new report creation wizard powered by our query builder, several use-case-driven dashboard templates, and most recently, the abilit...
2022 Planning: Prioritizing Defense and Mitigation Through Left of Boom
In the military, the term “left of boom” refers to the strategy and tactics required to prevent — and protect personnel from — explosions by making proactive decisions before the event happens. Unless you've been fortunate enough to avoid tech and media press for the past 24 months, it should be...
Announcing the 2021 Metasploit Community CTF
It’s time for another Metasploit community CTF! Last year’s beginner-friendly CTF attracted a wider range of audiences and skill levels than in previous years, so we’re replicating our previous game architecture. Players will attack a single Linux target, we’ve spread prizes out across 15 teams,...
Thawing Out the Chilling Effect Of DMCA Section 1201
The Copyright Office has issued the latest rules on exemptions to Section 1201 of the Digital Millennium Copyright Act (DMCA). Great news: Legal protections for independent security research have once again been meaningfully strengthened. On the whole, these protections are now significantly greate...
Better Together: XDR, SOAR, Vulnerability Management, and External Threat Intelligence
One of the biggest challenges with both incident response and vulnerability management is not just the raw number of incidents and vulnerabilities organizations need to triage and manage, but the fact that it's often difficult to separate the critical incidents and vulnerabilities from the minor...
Metasploit Wrap-Up
Callback Hell Metasploit has now added an exploit module for CVE-2021-40449, a Windows local privilege escalation exploit caused by a use-after-free during the NtGdiResetDC callback in vulnerable versions of win32k.sys. This module can be used to escalate privileges to those of NT AUTHORITY\SYSTE...
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4
The first 3 installments of our series on Rapid7's hands-on exercise from the IoT Village at this year's DefCon covered how to set up a UART header, how to determine UART status and baud rate, and how to log into single-user mode on the device. In this final post, we'll discuss how to gain full...
Time to Act: Bridging the Gap in Cloud Automation Adoption
Ready or not, the cloud is here. Across the board, an overwhelming majority of organizations recognize the value of the cloud. According to a recent survey conducted by Rapid7, 90% of respondents believe that cloud operations are critical to the competitiveness of their business. Analysts agree —...
Update to GLBA Security Requirements for Financial Institutions
Heads up, financial institutions: the Federal Trade Commission (FTC) announced the first cybersecurity updates to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule since 2003. The new rule strengthens the required security safeguards for customer information. This includes formal risk assessments,...