
1723 matches found

Rapid7 Blog, added 2021/11/10 3:44 p.m., 92 views

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys...

AI score 7.3, EPSS 0.28039, exploits: 2

Rapid7 Blog, added 2021/11/10 2:26 p.m., 12 views

tCell by Rapid7 Supports the Newly Released .NET 6.0

We’re excited to share that we've coordinated our recent .NET and .NET Core agent releases with the brand new .NET 6.0 release from Microsoft. What is tCell? Since the founding of tCell by Rapid7, our web application and API protection solution, we’ve prided ourselves on providing both breadth an...

AI score 6.8, exploits: 0

Rapid7 Blog, added 2021/11/09 4:59 p.m., 158 views

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...

CVSS 10, AI score 9.8, EPSS 0.99214, exploits: 12

Rapid7 Blog, added 2021/11/09 2:00 p.m., 12 views

InsightIDR Was XDR Before XDR Was Even a Thing: An Origin Story

An origin story explains who you are and why. Spiderman has one. So do you. Rapid7 began building InsightIDR in 2013. It was the year Yahoo’s epic data breach exposed the names, dates of birth, passwords, and security questions and answers of 3 billion users. Back then, security professionals...

AI score 6.8, exploits: 0

Rapid7 Blog, added 2021/11/08 7:07 p.m., 27 views

OWASP Top 10 Deep Dive: Getting a Clear View on Vulnerable and Outdated Components

Most of us think of climbing the ladder as a good thing — but when the ladder in question is OWASP's Top 10 list of application security risks, a sudden upward trajectory is cause for alarm rather than encouragement. In the 2021 edition of the OWASP list, vulnerable and outdated components moved ...

AI score 7, exploits: 0

Rapid7 Blog, added 2021/11/05 7:43 p.m., 140 views

Metasploit Wrap-Up

GitLab RCE New Rapid7 team member jbaines-r7 wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to...

CVSS 6.8, AI score 9.9, EPSS 0.99981, exploits: 67

Rapid7 Blog, added 2021/11/05 5:01 p.m., 28 views

New NPM library hijacks (coa and rc)

On Thursday, November 4, 2021, barely more than a week after ua-parser-js was hijacked, another popular NPM library called coa (Command-Option-Argument), which is used in React packages around the world, was hijacked to distribute credential-stealing malware. The developer community noticed somethi...

AI score 6.7, exploits: 0

Rapid7 Blog, added 2021/11/05 2:53 p.m., 13 views

2022 Planning: The Path to Effective Cybersecurity Maturity

When it comes to bringing cyber safety and resilience to all parts of your organization, there is no silver bullet. Achieving cybersecurity maturity isn't something you can do overnight — it requires a significant amount of planning, prioritizing, and coordinating across the business. While this...

AI score 6.7, exploits: 0

Rapid7 Blog, added 2021/11/04 7:47 p.m., 152 views

Trojan Source (CVE-2021-42572): No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...
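The attack the post describes hides Unicode bidirectional control characters in comments and string literals so that the source a reviewer sees is not the source the compiler reads. A practical first check is to refuse any source file that contains those controls at all. The scanner below is an added example, not code from the Rapid7 post or from the Trojan Source paper; it uses only the Python standard library, and the short Python snippet it scans is a constructed sample.

```python
# Added example (not from the Rapid7 post): flag the Unicode bidirectional
# control characters that the Trojan Source technique hides in comments and
# string literals so that source is displayed differently from how the
# compiler reads it. Pure standard library; the sample input is constructed.
import sys

# Bidi embedding/override/isolate controls and their short names.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(text):
    """Return (line, column, name) for every bidi control in text, 1-based."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name:
                hits.append((lineno, col, name))
    return hits


def is_clean(text):
    """True when the text contains no bidi control characters."""
    return not find_bidi_controls(text)


def scan_file(path):
    """Scan one file; undecodable bytes are replaced rather than aborting the scan."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_bidi_controls(fh.read())


# Constructed sample: an RLI at column 29 and a PDI at column 35 are tucked
# into a string and a comment on line 2. Rendered in an editor, the line can
# read as a plain comparison; to the interpreter the string contains the RLI.
SAMPLE = (
    "def check(access_level):\n"
    "    if access_level != 'user\u2067 ': #\u2069\n"
    "        return True\n"
    "    return False\n"
)


if __name__ == "__main__":
    # With file paths on the command line, scan those; otherwise scan SAMPLE.
    paths = sys.argv[1:]
    if paths:
        findings = [(p, h) for p in paths for h in scan_file(p)]
    else:
        findings = [("<sample>", h) for h in find_bidi_controls(SAMPLE)]
    for path, (lineno, col, name) in findings:
        print(f"{path}:{lineno}:{col}: bidi control {name}")
    # Non-zero exit so the check can gate a CI job or a pre-commit hook.
    sys.exit(1 if findings else 0)
```

Run it as `python scan_bidi.py $(git ls-files '*.py' '*.c' '*.js')` in CI; a non-zero exit blocks the merge. The check is deliberately blunt: legitimate right-to-left text in comments is rare in code, and an allowlist of specific files is cheaper than trying to reason about which control sequences are harmless.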

CVSS 7.5, AI score 7.6, EPSS 0.66023, exploits: 8

Rapid7 Blog, added 2021/11/04 6:00 p.m., 19 views

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3

In our first post in this series, we covered the setup of Rapid7's hands-on exercise at Defcon 29's IoT Village. Last week, we discussed how to determine the UART status of the header we created and how to actually start hacking on the IoT device. The goal in this next phase of the IoT hacking...

AI score 6.9, exploits: 0

Rapid7 Blog, added 2021/11/04 2:17 p.m., 14 views

[Security Nation] Pete Cooper and Irene Pontisso of the UK Cabinet Office on Their Cybersecurity Culture Competition

In this special bonus episode of Security Nation, Jen and Tod chat with Pete Cooper and Irene Pontisso fro...

AI score 6.8, exploits: 0

Rapid7 Blog, added 2021/11/04 1:30 p.m., 15 views

Building Threat-Informed Defenses: Rapid7 Experts Share Their Thoughts on MITRE ATT&CK

MITRE ATT&CK is considered by practitioners and the analyst community to be the most comprehensive framework of cybersecurity attacks and mitigation techniques available today. MITRE helps the security industry speak the same language and stick to a well-known, common framework. To get more detai...

AI score 7, exploits: 0

Rapid7 Blog, added 2021/11/03 1:30 p.m., 109 views

InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning

Have you ever tried to figure out why a vulnerability or policy scan isn’t showing you the results you expect, even though you’ve provided credentials? If so, you’ll be pleased to hear that the November 3rd release of Nexpose and InsightVM version 6.6.112 will introduce a new check category...

AI score 6.5, exploits: 0

Rapid7 Blog, added 2021/11/02 1:35 p.m., 18 views

A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 2

In our previous blog on this topic, we discussed some of the considerations when choosing between agent-based and agentless cloud security approaches. The following table provides a summary of these considerations. Aspect | Agent-based | Agentless ---|---|--- Deployment | - Deployed on every asse...

AI score 6.5, exploits: 0

Rapid7 Blog, added 2021/11/01 5:56 p.m., 17 views

Solving the Access Goldilocks Problem: RBAC for InsightAppSec Is Here

We're all familiar with the story of Goldilocks and the Three Bears. Goldilocks starts a new job as a security specialist on the security team at Three Bears' Porridge, Inc. and is given access to their application security platform. At first, the access she's given is far too broad. It causes...

AI score 7.2, exploits: 0

Rapid7 Blog, added 2021/11/01 1:33 p.m., 871 views

GitLab Unauthenticated Remote Code Execution (CVE-2021-22205) Exploited in the Wild

CVE: CVE-2021-22205; vendor advisory: GitLab Advisory; AttackerKB: AttackerKB; IVM content: Evaluating; patching urgency: ASAP; last update: November 1, 2021. On April 14, 2021, GitLab published a security release to address CVE-2021-22205, a critical remote code...

CVSS 6.8, AI score 0.7, EPSS 0.99981, exploits: 57

Rapid7 Blog, added 2021/10/29 5:59 p.m., 592 views

Metasploit Wrap-Up

OMIGOD It's RCE We are excited to announce that we now have a module for the OMIGOD vulnerability that exploits CVE-2021-38647 courtesy of our very own Spencer McIntyre! Successful exploitation will allow an unauthenticated attacker to gain root level code execution against affected servers. Give...

CVSS 10, AI score 0.6, EPSS 0.99992, exploits: 203

Rapid7 Blog, added 2021/10/29 2:02 p.m., 11 views

2022 Planning: Straight Talk on Zero Trust

“Zero trust” is increasingly being heralded as the ultimate solution for organizational cyber safety and resilience — but what does it really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022? In this post, we'll answer those questions...

AI score 0.1, exploits: 0

Rapid7 Blog, added 2021/10/28 6:21 p.m., 35 views

Sneaking Through Windows: Infostealer Malware Masquerades as Windows Application

This post also includes contributions from Reese Lewis, Andrew Christian, and Seth Lazarus. Rapid7's Managed Detection and Response (MDR) team leverages specialized toolsets, malware analysis, tradecraft, and collaboration with our colleagues on the Threat Intelligence and Detection Engineering TID...

AI score 1.2, exploits: 0

Rapid7 Blog, added 2021/10/28 1:44 p.m., 54 views

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2

In our last post, we discussed how we set up Rapid7's hands-on exercise at the Defcon 29 IoT Village. Now, with that foundation laid, we'll get into how to determine whether the header we created is UART. When trying to determine baud rate for IoT devices, I often just guess. Generally, for typic...

AI score 0.8, exploits: 0

Rapid7 Blog, added 2021/10/27 7:30 p.m., 93 views

[Security Nation] Jack Cable on Ransomwhere

In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker...

AI score 8.3, exploits: 0

Rapid7 Blog, added 2021/10/27 2:22 p.m., 13 views

Automation Enables Innovation in the Cloud

As public cloud adoption continues to grow year after year, we see more and more enterprises realizing the strategic advantage the cloud can provide to help deliver new and innovative products quicker, roll out new features with ease, and reach new customers. But along with those advantages comes...

AI score 7.3, exploits: 0

Rapid7 Blog, added 2021/10/26 12:41 p.m., 19 views

Securely Advancing in the Sunshine State: Rapid7 Announces Tampa Office Opening

In our quest to create a safer digital world for all, Rapid7 is also on a mission to reimagine the future of work, culture, and talent — admittedly, we've set the bar pretty high for ourselves. But that's part of the spirit of Never Done, one of our core values. We're always striving to do better...

AI score 7.2, exploits: 0

Rapid7 Blog, added 2021/10/25 7:16 p.m., 44 views

NPM Library (ua-parser-js) Hijacked: What You Need to Know

Last Update: October 27, 2021 For approximately 4 hours on Friday, October 22, 2021, a widely utilized NPM package, ua-parser-js, was embedded with a malicious script intended to install a coinminer and harvest user/credential information. This package is used “to detect Browser, Engine, OS, CPU,...

AI score 7, exploits: 0

Rapid7 Blog, added 2021/10/25 1:43 p.m., 54 views

Recog: Data Rules Everything Around Me

The recog project — a recognition framework used to identify products, operating systems, and hardware through matching network probe data against its extensive fingerprint collection — has been around for many years. In the beginning, Rapid7 used it internally as part of the Nexpose vulnerabilit...

AI score 0.5, exploits: 0

Rapid7 Blog, added 2021/10/22 3:49 p.m., 27 views

2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk

Supply chains are on everyone's mind right now — from consumer-tech bottlenecks to talks of holiday-season toy shortages. Meanwhile, cyberattacks targeting elements of the supply chain have become increasingly common and impactful — making this area of security a top priority as organizations...

AI score 7.1, exploits: 0

Rapid7 Blog, added 2021/10/22 2:25 p.m., 110 views

Metasploit Wrap-Up

We just couldn't contain ourselves! This week we've got two Kubernetes modules coming at you from adfoster-r7 and smcintyre-r7. First up is an enum module, auxiliary/cloud/kubernetes/enum_kubernetes, that'll extract a variety of information including the namespaces, pods, secrets, service token...

CVSS 7.5, AI score 0.1, EPSS 0.99999, exploits: 45

Rapid7 Blog, added 2021/10/21 2:11 p.m., 16 views

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1

This year, Rapid7 participated at the IoT Village during DefCon29 by running a hands-on hardware hacking exercise, with the goal of exposing attendees to concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics, including how to u...

AI score 1.6, exploits: 0

Rapid7 Blog, added 2021/10/20 1:27 p.m., 38 views

A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 1

When it comes to securing your cloud assets' activities at runtime, the first step is deciding how. There are enough possible solutions that you're likely to find yourself at a crossroads trying to decide between them. The factors that may affect your choice include: Friction level — How...

AI score 0.1, exploits: 0

Rapid7 Blog, added 2021/10/19 4:58 p.m., 173 views

OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

In case you missed it, injection claimed the number 3 spot in OWASP's updated Top 10 application security risks for 2021. Today, I'm going to highlight some of the reasons why injection is such a formidable threat, despite it falling two spaces from the number 1 slot on OWASP's 2017 list. But...

CVSS 6.8, AI score 0.6, EPSS 0.76814, exploits: 11

Rapid7 Blog, added 2021/10/18 2:47 p.m., 22 views

Passwordless Network Scanning: Same Insights, Less Risk

Password-based credentials are a ubiquitous part of our online lives, but they are prone to vulnerabilities. Combatting those vulnerabilities has been a major hurdle for security professionals, and it's come at major cost for businesses. We are reinventing the credentialing process for our Networ...

AI score 0.1, exploits: 0

Rapid7 Blog, added 2021/10/15 6:49 p.m., 53 views

Metasploit Wrap-Up

An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...

CVSS 9, AI score 9.2, EPSS 0.24173, exploits: 19

Rapid7 Blog, added 2021/10/15 2:59 p.m., 16 views

4 Simple Steps for an Effective Threat Intelligence Program

Threat intelligence is a critical part of an organization's cybersecurity strategy, but given how quickly the state of cybersecurity evolves, is the traditional model still relevant? Whether you're a cybersecurity expert or someone who's looking to build a threat intelligence program from the...

Exploits: 0

Rapid7 Blog, added 2021/10/14 5:32 p.m., 33 views

Turn On, Tune In, Drop the Noise: Achieve Better Cloud Security by Reducing Noise

The modern world is full of signals. A select few are critically important, others are interesting or informative, and the overwhelming majority are less useful or painfully irrelevant. All of these signals that are neither useful nor relevant are best categorized as noise. For security...

Exploits: 0

Rapid7 Blog, added 2021/10/13 5:38 p.m., 17 views

[Security Nation] Michael Daniel on the Cyber Threat Alliance

In this episode of Security Nation, Jen and Tod chat with Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA), as well as a co-chair on the IST’s...

AI score 0.5, exploits: 0

Rapid7 Blog, added 2021/10/12 7:47 p.m., 131 views

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike. One vulnerability has...

CVSS 7.2, AI score 0.2, EPSS 0.73381, exploits: 20

Rapid7 Blog, added 2021/10/12 5:00 p.m., 13 views

This Was the Summer of AppSec: All the Improvements We Made in Q3

Summer has come to an end. The backyard barbecues are behind us, the hot dogs have all been eaten, and we're all gearing up for some awesome autumn leaf peeping. But before we fall into another season (see what we did there?), we wanted to take a moment to look back on all of the improvements we've...

Exploits: 0

Rapid7 Blog, added 2021/10/12 1:00 p.m., 28 views

Have You Checked the New Kubernetes RBAC Swiss Army Knife?

Kubernetes Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamicall...
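The practical question behind any RBAC tooling is which rules in a Role or ClusterRole quietly amount to namespace or cluster takeover. The script below is an added example and is not the tool the post announces; it audits a rules list in the shape the rbac.authorization.k8s.io API returns it (a list of apiGroups/resources/verbs entries), and the two Role objects it checks are constructed for illustration. The severity labels and the list of sensitive resource/verb pairs are this example's own choices, not a Kubernetes standard.

```python
# Added example (not the tool the post describes): a small audit of Kubernetes
# RBAC rules for grants that amount to cluster takeover. Rules are passed in
# the shape the API server returns them under rbac.authorization.k8s.io
# (a list of {apiGroups, resources, verbs} dicts); the Roles below are
# constructed for illustration.

# Verbs that let a subject extend its own rights; Kubernetes treats these
# specially in its RBAC escalation checks.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}

# Resource/verb pairs that hand over secrets or code execution in a namespace.
SENSITIVE = {
    ("secrets", "get"): "reads secrets",
    ("secrets", "list"): "lists secrets (list returns full objects, values included)",
    ("pods/exec", "create"): "can exec into running pods",
    ("pods", "create"): "can create pods (mount namespace secrets, run as any service account in the namespace)",
    ("rolebindings", "create"): "can bind roles to subjects",
    ("clusterrolebindings", "create"): "can bind cluster roles to subjects",
}


def audit_rules(rules):
    """Return a list of (severity, reason) findings for a rules list."""
    findings = []
    for rule in rules:
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in verbs and "*" in resources:
            findings.append(("critical", f"wildcard verbs on wildcard resources in apiGroups {sorted(groups)}"))
            continue
        if "*" in verbs:
            findings.append(("high", f"wildcard verbs on {sorted(resources)}"))
        if "*" in resources:
            findings.append(("high", f"verbs {sorted(verbs)} on every resource in apiGroups {sorted(groups)}"))
        for verb in sorted(verbs & ESCALATION_VERBS):
            findings.append(("high", f"escalation verb '{verb}' on {sorted(resources)}"))
        for resource in sorted(resources):
            for verb in sorted(verbs):
                if (resource, verb) in SENSITIVE:
                    findings.append(("medium", SENSITIVE[(resource, verb)]))
    return findings


def audit_role(role):
    """Audit a Role/ClusterRole object; returns ("Kind/name", findings)."""
    meta = role.get("metadata", {})
    name = f"{role.get('kind', 'Role')}/{meta.get('name', '?')}"
    return name, audit_rules(role.get("rules", []))


# Constructed sample: a namespaced Role that looks modest but can read every
# secret and exec into pods, plus a final rule that grants everything.
SAMPLE_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"name": "ci-runner", "namespace": "build"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}

# Least-privilege counterpart: the same runner limited to reading pods and logs.
TIGHT_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"name": "ci-runner", "namespace": "build"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]},
    ],
}


if __name__ == "__main__":
    for role in (SAMPLE_ROLE, TIGHT_ROLE):
        name, findings = audit_role(role)
        print(name, "OK" if not findings else "")
        for severity, reason in findings:
            print(f"  [{severity}] {reason}")
```

To run it against a live cluster, feed it the output of `kubectl get roles,clusterroles -A -o json` (each item's `rules` list goes straight into `audit_rules`). Note that a Role only matters once a RoleBinding or ClusterRoleBinding points a subject at it, so the next step in a real audit is joining these findings to bindings and their subjects.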

AI score 6.9, exploits: 0

Rapid7 Blog, added 2021/10/08 4:57 p.m., 79 views

Metasploit Wrap-Up

Telemetry is for gathering data, not executing commands as root, right?... This week's highlight is a new exploit module by our own wvu for VMware vCenter Server (CVE-2021-22005), a file upload vuln that arises from a flaw in vCenter’s analytics/telemetry service, which is enabled by default...

CVSS 7.5, AI score 0.3, EPSS 0.99999, exploits: 32

Rapid7 Blog, added 2021/10/08 1:30 p.m., 185 views

What's New in InsightVM: Q3 2021 in Review

In today's post, we're giving a rundown of new features and functionality launched in Q3 2021 for InsightVM and the Insight Platform. We hope you can begin to leverage these changes to drive success across your organization. Apple Silicon support on the Insight Agent We're excited to announce tha...

CVSS 10, AI score 9.5, EPSS 0.99999, exploits: 158

Rapid7 Blog, added 2021/10/07 1:23 p.m., 26 views

Velociraptor to Announce Winners of Its 2021 Contributor Competition

Velociraptor and Rapid7 are excited to announce the winners of our 2021 Velociraptor Contributor Competition on Friday, October 8. This competition encourages development of useful content and extensions to the Velociraptor platform. Submissions include new functionality in the form of VQL...

AI score 1.3, exploits: 0

Rapid7 Blog, added 2021/10/06 4:42 p.m., 669 views

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

CVE: CVE-2021-41773, CVE-2021-42013; vendor advisory: Apache Advisory; AttackerKB: AttackerKB; IVM content: Available; patching urgency: ASAP; last update: October 12, 2021 15:00 ET. See the Updates section at the end of this post for information on developments th...
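The two CVEs in the table are path-normalization bugs: httpd 2.4.49 let encoded dot-segments (".%2e/" and "%2e%2e/") through CVE-2021-41773, and the 2.4.50 fix was bypassed with a second layer of encoding ("%%32%65") in CVE-2021-42013. Because the payload lives in the raw request path, an access-log sweep is a cheap way to find out whether a server was probed before it was patched. The script below is an added example, not Rapid7 code; it uses only the standard library, and the three log lines it reads are constructed.

```python
# Added example (not Rapid7's code): pick out of an Apache access log the
# encoded dot-segment requests used against CVE-2021-41773 (".%2e/" and
# "%2e%2e/" slipping past path normalization in httpd 2.4.49) and the
# double-encoded "%%32%65" form that bypassed the 2.4.50 fix (CVE-2021-42013).
# Standard library only; the log lines below are constructed.
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Single- and double-encoded dot segments; matched on the raw path so that
# the encoding trick itself is what triggers the detection.
TRAVERSAL_RE = re.compile(r"(\.%2e|%2e\.|%2e%2e|%%32%65)", re.IGNORECASE)


def decode_path(path, rounds=2):
    """Percent-decode up to `rounds` times, stopping once nothing changes."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def parse_line(line):
    """Return the log fields as a dict, or None for lines in another format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_traversal(path):
    """True when the raw request path carries an encoded dot-segment."""
    return bool(TRAVERSAL_RE.search(path))


def detect(lines):
    """One finding per suspicious request: ip, method, status, raw and decoded path."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_traversal(rec["path"]):
            findings.append({
                "ip": rec["ip"],
                "method": rec["method"],
                "status": int(rec["status"]),
                "path": rec["path"],
                "decoded": decode_path(rec["path"]),
            })
    return findings


# Constructed sample log: a file read, a double-encoded cgi-bin request
# (a command-execution attempt where mod_cgi is enabled), and a benign hit.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Oct/2021:10:01:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1234',
    '10.0.0.5 - - [06/Oct/2021:10:01:05 +0000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 200 57',
    '192.168.1.20 - - [06/Oct/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} {f['status']} {f['path']} -> {f['decoded']}")
```

A 200 on one of these requests against an unpatched 2.4.49/2.4.50 host with `Require all granted` on the filesystem is the signal to treat the box as compromised rather than merely scanned; a 403 or 404 usually means the default `Require all denied` held, though the request still marks the source as hostile. Pipe `zcat access.log*.gz` through `detect` to cover rotated logs.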

CVSS 7.5, AI score 0.4, EPSS 0.99992, exploits: 173

Rapid7 Blog, added 2021/10/06 2:07 p.m., 627 views

For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy

If you've been keeping tabs on the state of vulnerabilities, you've probably noticed that Microsoft Exchange has been in the news more than usual lately. Back in March 2021, Microsoft acknowledged a series of threats exploiting zero-day CVEs in on-premises instances of Exchange Server. Since then...

CVSS 10, AI score 0.3, EPSS 0.99999, exploits: 18

Rapid7 Blog, added 2021/10/05 1:34 p.m., 23 views

What's New in InsightIDR: Q3 2021 in Review

This post offers a closer look at some of the recent updates and releases in InsightIDR, our extended detection and response solution, from Q3 2021. Welcome IntSights to the Rapid7 Insight Platform family! As you may have seen in recent communications, Rapid7 acquired IntSights, a leading provide...

AI score 0.1, exploits: 0

Rapid7 Blog, added 2021/10/04 1:49 p.m., 26 views

[The Lost Bots] Episode 6: D&R + VM = WINNING!

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security wi...

AI score 1.8, exploits: 0

Rapid7 Blog, added 2021/10/01 4:26 p.m., 17 views

Metasploit Wrap-Up

Credential gatherers, mix-ins, oh my! We're excited that Metasploit now includes support for 28 related post modules for gathering credentials based on the PackRat toolset. This is a continuation of 5433, 11700, and 11719. It was developed by community contributors Kazuyoshi Maruta, Daniel...

AI score 0.5, exploits: 0

Rapid7 Blog, added 2021/10/01 1:31 p.m., 13 views

National Cybersecurity Awareness Month: How Security Pros Can Get Involved

Fall is a time defined by yearly rituals. For some of us, that means breaking out our favorite knit sweaters, indulging in pumpkin-flavored everything, or — in the immortal words of George Costanza — “shifting into soup mode." The information security world has its own autumnal observance: Nation...

AI score 7.1, exploits: 0

Rapid7 Blog, added 2021/09/30 2:24 p.m., 31 views

The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

Late last week, the Open Web Application Security Project (OWASP) released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...

AI score 7.6, exploits: 0

Rapid7 Blog, added 2021/09/29 6:22 p.m., 61 views

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell's Cyber...

AI score 6.6, exploits: 0

Rapid7 Blog, added 2021/09/27 1:51 p.m., 15 views

To the Left: Your Guide to Infrastructure as Code for Shifting Left

It's the cloud's world now, and we're all just living in it. The mass migration of organizational infrastructure to the cloud isn't slowing down any time soon — and really, why would it? Cloud computing has allowed developers to move at vastly greater speeds than ever before. And this in turn let...

AI score 0.6, exploits: 0

Total number of security vulnerabilities: 1723