
1723 matches found

Rapid7 Blog
added 2021/09/24 8:5 p.m. | 53 views

Metasploit Wrap-Up

Vulnerability is in the eye of the beholder Exploiting firmware authored by UDP Technology and provided to multiple large OEMs including Geutebruck, community contributor TrGFxX has authored a neat module that allows RCE as root on machines running the web interface of the Geutebruck G-Cam and...

7.5 CVSS | 0.5 AI score | 0.787 EPSS
Exploits: 10

Rapid7 Blog
added 2021/09/24 1:25 p.m. | 24 views

Ransomware: Is Critical Infrastructure in the Clear?

Recently I've been getting asked whether I believe ransomware is on the decline, particularly for critical infrastructure. Part of the reason for this question seems to be a recent security briefing from White House deputy national security adviser Anne Neuberger, suggesting that language on the...

6.6 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/23 1:16 p.m. | 38 views

Easier URI Targeting With Metasploit Framework

Over the past year and a half, Metasploit Framework’s core engineering team in Belfast has made significant improvements to usability, discoverability, and the general quality of life for the global community of Framework users. A few of the enhancements we’ve worked on in MSF 6 include: A handy...

6.9 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/22 1:58 p.m. | 18 views

Rapid7 Technical Support: Building a Career Path With Endless Possibilities

At Rapid7, our Technical Support teams deliver a world-class support experience to our customers across the globe. We have Support Moose on 4 continents, in 10 offices, and across 8 time zones, but we're all one herd. So, how do we achieve this? We swarm on cases together each day, we collaborate...

7 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/21 7:55 p.m. | 1126 views

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

See the Updates section at the end of this post for new information as it comes to light, including reports of exploitation. Description On Tuesday, September 21, 2021, VMware published security advisory VMSA-2021-0020, which includes details on CVE-2021-22005, a critical file upload vulnerabilit...

10 CVSS | 0.99999 EPSS
Exploits: 68

Rapid7 Blog
added 2021/09/21 12:53 p.m. | 42 views

Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data

Context: On June 4, 2021, the European Commission published new standard contractual clauses “New SCCs”. Under the General Data Protection Regulation “GDPR”, transfers of personal data to countries outside of the European Economic Area EEA must meet certain conditions. The New SCCs are an approve...

0.5 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/20 2:23 p.m. | 19 views

Login Authentication Goes Automated With New InsightAppSec Improvements

Move over, macros — automated login is here. At Rapid7, we know the most powerful tools in your security portfolio are the ones that help you understand your risks quickly. With our new automated login for InsightAppSec, you can access and scan even the most complex, modern applications quickly a...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/17 7:59 p.m. | 149 views

Metasploit Wrap-Up

Clone your way to code execution We’ve had a busy week bringing you exploits, features, enhancements, and fixes. Exploit modules for Git and El Finder lead the pack this week with an information disclosure against Jira and a post exploitation module targeting Geutebruck white-labelled cameras to...

10 CVSS | 0.1 AI score | 0.99603 EPSS
Exploits: 27

Rapid7 Blog
added 2021/09/17 1:25 p.m. | 18 views

SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal

It's that time of year once again: The SANS Institute — the most trusted resource for cybersecurity research — has conducted its sixth annual Threat Hunting Survey, sponsored by Rapid7. The goal of this survey is to better understand the current threat hunting landscape and the benefits provided ...

7 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/16 1:30 p.m. | 16 views

The Ransomware Killchain: How It Works, and How to Protect Your Systems

Much ado has been made by this very author on this very blog! about the incentives for attackers and defenders around ransomware. There is also a wealth of information on the internet about how to protect yourself from ransomware. One thing we want to avoid losing sight of, however, is just how w...

7.5 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/15 8:3 p.m. | 24 views

[Security Nation] Craig Williams of Cisco Talos on Proxyware

In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way...

0.1 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/15 2:30 p.m. | 339 views

OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability

Update: On September 16, 2021, Microsoft released an updated OMS agent v1.13.40-0 that addresses these vulnerabilities. You can download the updated version from Microsoft's GitHub repo here. In response, our team is updating the pre-built insight in InsightCloudSec to specifically look for...

7.5 CVSS | 1.6 AI score | 0.99723 EPSS
Exploits: 20

Rapid7 Blog
added 2021/09/15 3:44 a.m. | 130 views

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here’s three big things you can go patch right now. MSHTML Remote...

7.5 CVSS | 0.9 AI score | 0.99723 EPSS
Exploits: 62

Rapid7 Blog
added 2021/09/13 1:32 p.m. | 20 views

[The Lost Bots] Episode 5: Insider Threat

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with...

7.1 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/10 6:32 p.m. | 197 views

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804 in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

7.5 CVSS | 8.6 AI score | 0.99999 EPSS
Exploits: 45

Rapid7 Blog
added 2021/09/10 1:30 p.m. | 27 views

The Rise of Disruptive Ransomware Attacks: A Call To Action

Our collective use of and dependence on technology has come quite a long way since 1989. That year, the first documented ransomware attack — the AIDS Trojan — was spread via physical media 5 1⁄4" floppy disks delivered by the postal service to individuals subscribed to a mailing list. The malware...

7.4 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/09 2:20 p.m. | 16 views

Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report

A lot changed in 2020, and the way businesses use the cloud was no exception. According to one study, 90% of organizations plan to increase their use of cloud infrastructure following the COVID-19 pandemic, and 61% are planning to optimize the way they currently use the cloud. The move to the clo...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/08 1:48 p.m. | 23 views

Security at Scale in the Open-Source Supply Chain

“We’ve all heard of paying it forward, but this is ridiculous!” That’s probably what most of us think when one of our partners or vendors inadvertently leaves an open door into our shared supply-chain network; an attacker can enter at any time. Well, we probably think in slightly more...

7.4 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/07 1:0 p.m. | 65 views

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Over the course of routine security research, Rapid7 researchers Jonathan Peterson, Cale Black, William Vu, and Adam Cammack discovered that the Akkadian Console ofte...

4.6 CVSS | 1.3 AI score | 0.00463 EPSS
Exploits: 0

Rapid7 Blog
added 2021/09/03 4:30 p.m. | 81 views

Metasploit Wrap-Up

Capture Credentials with our new SMB Server Our own Adam Galway revamped the old SMB capture module and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to @zeroSteiner's new RubySMB server implementation. Metasploit is now able to capture NTLM hashes from...

7.2 CVSS | 8.2 AI score | 0.94622 EPSS
Exploits: 21

Rapid7 Blog
added 2021/09/03 1:12 p.m. | 46 views

Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components

Thanks to CSI and the many other crime-solving shows that have grasped our collective imagination for decades, we're all at least somewhat familiar with the field of forensics and its unique appeal. At some point, anyone who's watched these series has probably envisioned themselves in the...

7.4 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/02 3:44 p.m. | 179 views

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...

7.5 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 45

Rapid7 Blog
added 2021/09/02 1:39 p.m. | 23 views

SANS Experts: 4 Emerging Enterprise Attack Techniques

In a recent report, a panel of SANS Institute experts broke down key takeaways and emerging attack techniques from this year’s RSA Security Conference. The long and short of it? This next wave of malicious methodologies isn’t on the horizon — it’s here. When it comes to supply-chain and ransomwar...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/01 5:43 p.m. | 15 views

[Security Nation] Jill Fraser and Deborah Blyth on Securing Colorado

In this episode of Security Nation, we chat with Deborah Blyth, CISO of the State of Colorado, and Jill Fraser, CISO for Jefferson County, Colorado. They...

6.7 AI score
Exploits: 0

Rapid7 Blog
added 2021/09/01 1:11 p.m. | 75 views

New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”

The pandemic and remote work shattered your perimeter. Your attack surface has changed — and will keep changing. It’s our mission to help customers strengthen security defenses and stay ahead of evil. As the modern perimeter expands, new and old vulnerabilities emerge as open doors for attackers;...

4.3 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits: 10

Rapid7 Blog
added 2021/08/31 5:0 p.m. | 52 views

Cybersecurity in the Infrastructure Bill

On August 10, 2021, the U.S. Senate passed the Infrastructure Investment and Jobs Act of 2021 H.R.3684. The bill comes in at 2,700+ pages, provides for $1.2T in spending, and includes several cybersecurity items. We expect this legislation to become law around late September and do not expect...

7 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/31 1:0 p.m. | 50 views

CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities

Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System. These vulnerabilities could result in...

0.2 AI score | 0.01589 EPSS
Exploits: 1

Rapid7 Blog
added 2021/08/30 1:30 p.m. | 10 views

[The Lost Bots] Episode 4: Deception Technology

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security...

0.5 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/27 7:3 p.m. | 66 views

Metasploit Wrap-Up

LearnPress authenticated SQL injection Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to...

6.5 CVSS | 8.8 AI score | 0.49231 EPSS
Exploits: 6

Rapid7 Blog
added 2021/08/27 2:1 p.m. | 11 views

The Cybersecurity Skills Gap Is Widening: New Study

The era of COVID-19 has taught us all a few things about supply and demand. From the early days of toilet paper shortages to more recent used-car pricing shocks, the stress tests brought on by a global pandemic have revealed the extremely delicate balance of scarcity and surplus. Another area...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/25 1:56 p.m. | 18 views

[R]Evolution of the Cyber Threat Intelligence Practice

Co-authored by Yotam Avitan, Deputy Head of Global CSOC at Novartis The cyber threat intelligence CTI space is one of the most rapidly evolving areas in...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/24 1:38 p.m. | 16 views

Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings

Cybercriminals are innovative, always finding ways to adapt to new circumstances and opportunities. The proof of this can be seen in the rise of a certain variety of activity on the dark web: the sale of access to compromised networks. This type of dark web activity has existed for decades, but i...

7.8 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/23 3:28 p.m. | 30 views

[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition

Welcome back for a special bonus edition of The Lost Bots, a vlog series where Rapid7 Detection and Response Practice...

0.8 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/23 2:25 p.m. | 31 views

Rapid7 MDR Named a Market Leader, Again!

New IDC MarketScape Names Rapid7 a Leader in U.S. Managed Detection and Response MDR It’s a big year to be named a Leader. Time magazine said the pandemic produced “the world’s largest work-from-home experiment.” Suddenly, everyone was accessing everything from everywhere. Control moved outside...

7.1 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/20 7:12 p.m. | 279 views

Metasploit Wrap-Up

Anyone enjoy making chains? The community is hard at work building chains to pull sessions out of vulnerable Exchange servers. This week Rapid7's own wvu & Spencer McIntyre added a module that implements the ProxyShell exploit chain originally demonstrated by Orange Tsai. The module also benefite...

10 CVSS | 0.2 AI score | 0.99999 EPSS
Exploits: 23

Rapid7 Blog
added 2021/08/20 1:30 p.m. | 14 views

Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic

As any job seeker knows, a lot of thought goes into accepting a new role at a new company — even more so during a pandemic. For sales professionals, this decision includes considering company growth and trajectory, industry leadership, and company culture, all of which had the potential of being...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/19 1:41 p.m. | 18 views

Rapid7 Announces Partner of the Year Awards 2021 Winners

Over the past year and more, we’ve lived through the most extraordinary, turbulent, and challenging times we’ll likely experience in our lifetime. Yet through all the uncertainty, our partners have continued to show determination, drive, and commitment, performing at an exceptional level. With th...

Exploits: 0

Rapid7 Blog
added 2021/08/18 6:9 p.m. | 48 views

[Security Nation] Daniel Crowley on Running a Cybersecurity Internship

On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron a title that...

7.5 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/17 1:58 p.m. | 133 views

Fortinet FortiWeb OS Command Injection

An OS command injection vulnerability in FortiWeb's management interface version 6.3.11 and prior can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is an instance of CWE-78: Improper Neutralization of Special...

9 CVSS | 9.2 AI score | 0.7727 EPSS
Exploits: 2

Rapid7 Blog
added 2021/08/16 1:15 p.m. | 46 views

[The Lost Bots] Episode 3: Stories From the SOC

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security wi...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/13 6:25 p.m. | 331 views

Metasploit Wrap-Up

Print Driver PrivEsc If you attended DEF CON last week, you may have seen this talk on print driver vulnerabilities from Metasploit community contributor Jacob Baines. In the spirit of Friday the 13th, we're highlighting some of these "print nightmares" again, in the form of two new Metasploit...

7.5 CVSS | 9.9 AI score | 0.95355 EPSS
Exploits: 12

Rapid7 Blog
added 2021/08/13 4:0 p.m. | 40 views

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

As penetration testers, we spend most of our time working with different types of networks, applications, and hardware devices. Physical security is another fun area we get to work in during physical social engineering penetration tests and red team engagements, which sometimes includes attempts ...

6.9 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/13 1:9 p.m. | 42 views

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

It’s no secret that most organizations need to dramatically improve their incident detection and response and vulnerability management VM programs. How many major security breaches could organizations avert if they could detect and address them at the start, when they’re still just minor incident...

1.3 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/12 9:8 p.m. | 659 views

ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. Rapid7 also has a technical analysis of the ProxyShell exploit chain in AttackerKB. On August 5, 2021, in a Black Hat USA talk, DEVCORE researcher Orange Tsai shared information on...

10 CVSS | 9.4 AI score | 0.99999 EPSS
Exploits: 22

Rapid7 Blog
added 2021/08/12 5:13 p.m. | 312 views

Popular Attack Surfaces, August 2021: What You Need to Know

See the Updates section at the end of this post for new information as it comes to light. Whether you attended virtually, IRL, or not at all, Black Hat and DEF CON have officially wrapped, and security folks’ brains are replete with fresh information on new and some not-so-new vulnerabilities and...

10 CVSS | 9.6 AI score | 0.99999 EPSS
Exploits: 186

Rapid7 Blog
added 2021/08/12 1:36 p.m. | 48 views

Reforming the UK’s Computer Misuse Act

The UK Home Office recently ran a Call for Information to investigate the Computer Misuse Act 1990 CMA. The CMA is the UK’s anti-hacking law, and as Rapid7 is active in the UK and highly engaged in public policy efforts to advance security, we provided feedback on the issues we see with the...

7.4 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/11 1:38 p.m. | 42 views

Cloud Security Glossary: Key Terms and Definitions

When navigating the complexities of the public cloud, it’s easy to get lost in the endless acronyms, industry jargon, and vendor-specific terms. From K8s to IaC to Shift Left, it can be helpful to have a map to navigate the nuances of this emerging segment of the market. That’s why a few cloud...

Exploits: 0

Rapid7 Blog
added 2021/08/11 3:19 a.m. | 204 views

Patch Tuesday - August 2021

Hot off the press, it’s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includ...

7.5 CVSS | 0.9 AI score | 0.67252 EPSS
Exploits: 26

Rapid7 Blog
added 2021/08/10 1:32 p.m. | 32 views

Hack Back Is Still Wack

Every year or two, we see a policy proposal around authorizing private-sector hack back. The latest of these is legislation from two U.S. Senators, Daines and Whitehouse, and it would require the U.S. Department of Homeland Security DHS to “conduct a study on the potential benefits and risks of...

0.3 AI score
Exploits: 0

Rapid7 Blog
added 2021/08/06 8:26 p.m. | 64 views

Metasploit Wrap-Up

Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk ​​Bring You...

7 AI score
Exploits: 0

Total number of security vulnerabilities: 1723