
1723 matches found

Rapid7 Blog
added 2021/08/06 7:45 p.m., 66 views

Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways

Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year. So without further delay, let’s take it away! Get more DEF CON 2021 insights from our Research team on Tuesday, August 10 Sign up for our What...

0.1 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/06 2:17 p.m., 204 views

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Note: A more detailed version of this post is available as a preprint on the ArXiv. The casino floor at Bally's is a thrilling place, one that loads of hackers are familiar with from our time at DEF CON. One feature of these casinos is the unmistakable song of slots being played. Imagine a slot...

7.8 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/05 8:26 p.m., 33 views

Black Hat 2021: Rapid7 Experts Share Key Day 1 Takeaways

OK, no big deal, we know how this goes. Once again, many of us are attending Black Hat in a virtual capacity as COVID-19 meanders its way out of our lives. The good news is that there’s an actual live component again this year in Las Vegas, and that’s progress. Here’s hoping that next year the...

0.3 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/04 7:57 p.m., 56 views

[Security Nation] Richard Kaufmann on Cybersecurity in Home Healthcare

In this episode of Security Nation, we’re joined (for the second time!) by Richard Kaufmann, CISO at Amedisys, a leading provider of home healthcare. He’ll te...

7.1 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/03 8:13 p.m., 324 views

PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS

The PetitPotam attack vector was assigned CVE-2021-36942 and patched on August 10, 2021. See the Updates section at the end of this post for more information. Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack...

0.2 AI score, 0.66023 EPSS
Exploits: 4
Rapid7 Blog
added 2021/08/03 1:25 p.m., 43 views

The Ransomware Task Force: A New Approach to Fighting Ransomware

In the past few months, we’ve seen ransomware attacks shut down healthcare across Ireland, fuel delivery across parts of the US, and meat processing across Australia, Canada and the US. We’ve seen demands of payments in the tens of millions of dollars. We’re also continuing to see trends around...

6.7 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/02 6:0 p.m., 34 views

[The Lost Bots] Episode 2: Extended Detection and Response (XDR)

Welcome back to The Lost Bots, a new vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks a...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2021/08/02 1:16 p.m., 142 views

3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle

DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...

7 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/30 6:4 p.m., 311 views

Metasploit Wrap-Up

New Olympic Discipline: Hive Hunting This week, community contributor Hakyac added a new Olympic discipline to Metasploit exploit sport category, which is based on the work of community security researchers @jonasLyk and Kevin Beaumont. The rules are simple: You need to abuse a flaw in Windows 10...

8.3 CVSS, 0.6 AI score, 0.88158 EPSS
Exploits: 36
Rapid7 Blog
added 2021/07/28 7:34 p.m., 56 views

[Security Nation] Philipp Amann on No More Ransom

In this episode of Security Nation, we're joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-led effort to combat ransomware by...

7.4 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/27 2:30 p.m., 359 views

Multiple Open Source Web App Vulnerabilities Fixed

Today, Rapid7 is disclosing 9 vulnerabilities that affect 3 open-source projects: EspoCRM, Pimcore, and Akaunting. Right out of the gate, I'd like to give a special thanks to these 3 open-source project maintainers. While it's never great to learn of new vulnerabilities in your own product, all 3...

9 CVSS, 8.1 AI score, 0.01499 EPSS
Exploits: 8
Rapid7 Blog
added 2021/07/26 2:18 p.m., 36 views

Decrypter FOMO No Mo’: Five Years of the No More Ransom Project

The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it. The name pretty much says it all — No More Ransom aims to help organizations avoid having to p...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/23 7:39 p.m., 329 views

Metasploit Wrap-Up

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource...

10 CVSS, 0.94089 EPSS
Exploits: 21
Rapid7 Blog
added 2021/07/21 9:7 p.m., 53 views

What’s New in InsightAppSec and tCell: Q2 2021 in Review

If there’s a theme to InsightAppSec and tCell updates and improvements in the second quarter, it would be “save time by building it into the process.” Building a more efficient process is key in further securing web applications. Can you get it done faster from home? Or is the quickest way to the...

7.5 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/21 7:6 p.m., 52 views

[Security Nation] Brian Honan on creating Ireland's first CERT

In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland's first...

0.6 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/21 4:1 p.m., 585 views

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

On Monday, July 19, 2021, community security researchers began reporting that the Security Account Manager (SAM) file on Windows 10 and 11 systems was READ-enabled for all local users. The SAM file is used to store sensitive security information, such as hashed user and admin passwords. READ...

4.6 CVSS, 0.9 AI score, 0.67252 EPSS
Exploits: 11
Rapid7 Blog
added 2021/07/21 1:5 p.m., 49 views

Grow Your Career at Rapid7: North America Sales

As any sales professional knows, working for an organization where your growth and development are supported is key — not to mention selling a product you believe in and a company mission you can get behind. At Rapid7, you can check both of those boxes. With a stellar Business Development program...

Exploits: 0
Rapid7 Blog
added 2021/07/19 8:5 p.m., 39 views

[The Lost Bots] Episode 1: External Threat Intelligence

Welcome to The Lost Bots, a new vlog series where Rapid7 resident expert and former CISO Jeffrey Gardner virtually sits down with fell...

7.4 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/19 8:5 p.m., 38 views

Rapid7 + XDR: Security that Moves as Fast as Your Business

Since launching InsightIDR almost six years ago, our mission has remained constant: make it possible for any security team to achieve fast, sophisticated threat detection and response programs that scale with their business. Making threat detection and response as agile and simple as possible...

6.9 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/19 8:4 p.m., 36 views

Rapid7 Acquires IntSights to Tackle the Expanding Threat Landscape

I am pleased to share the exciting news that, today, Rapid7 acquired IntSights, a leading provider of cloud-native, external threat intelligence and proactive threat remediation. The IntSights team is fantastic, and their threat intelligence capabilities are equally impressive. I’ll share more...

Exploits: 0
Rapid7 Blog
added 2021/07/19 3:0 p.m., 113 views

Accelerating SecOps and Emergent Threat Response with the Insight Platform

When we talk to customers about the Insight Platform and how to best support their evolving needs, they're often not asking for another product, but rather a capability that enhances a current experience. Our customers have the core ingredients of a robust security program, but as their attack...

Exploits: 0
Rapid7 Blog
added 2021/07/16 7:47 p.m., 179 views

What’s New in InsightVM: Q2 2021 in Review

The world is changing rapidly. We hear that phrase a lot. Throughout Q2 though, it really is true. Vaccines have been rolling out, to varying success depending on the part of the world, but there is optimism. As Rapid7 offices begin to open up to our hard-working team members around the globe, we...

7.1 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/16 7:47 p.m., 394 views

Metasploit Wrap-Up

Eternal Blue improvements Prior to this release Metasploit offered two separate exploit modules for targeting MS17-010, dubbed Eternal Blue. The Ruby module previously only supported Windows 7, and a separate ms17_010_eternalblue_win8 Python module would target Windows 8 and above. Now Metasploit...

10 CVSS, 1.1 AI score, 0.99999 EPSS
Exploits: 58
Rapid7 Blog
added 2021/07/14 5:55 p.m., 31 views

Why the Robot Hackers Aren’t Here (Yet)

“Estragon: I'm like that. Either I forget right away or I never forget.” - Samuel Beckett, Waiting for Godot Hacking and Automation As hackers, we spend a lot of time making things easier for ourselves. For example, you might be aware of a tool called Metasploit, which can be used to make getting...

8 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/13 8:56 p.m., 158 views

Patch Tuesday - July 2021

Microsoft has patched another 117 CVEs, returning to volumes seen in early 2021 and most of 2020. It would appear that the recent trend of approximately 50 vulnerability fixes per month was not indicative of a slowing pace. This month there were 13 vulnerabilities rated Critical with nearly the...

10 CVSS, 1 AI score, 0.99999 EPSS
Exploits: 96
Rapid7 Blog
added 2021/07/13 4:0 p.m., 486 views

Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack reported to be affecting hundreds of organizations. Huntress Labs is maintaining a public Reddit thread documenting the scope and triage of an event that has, as of the original post date see updates...

7.5 CVSS, 0.4 AI score, 0.85619 EPSS
Exploits: 5
Rapid7 Blog
added 2021/07/12 10:39 p.m., 155 views

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 released May 5, 2021 and all prior versions. Successful exploitation of CVE-2021-35211 could enable an attacker to gai...

0.7 AI score, 0.9116 EPSS
Exploits: 2
Rapid7 Blog
added 2021/07/09 8:13 p.m., 196 views

Securing the Supply Chain: Lessons Learned from the Codecov Compromise

Supply chain attacks are all the rage these days. While they’re not a new part of the threat landscape, they are growing in popularity among more sophisticated threat actors, and they can create significant system-wide disruption, expense, and loss of confidence across multiple organizations,...

8 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/09 5:53 p.m., 816 views

Metasploit Wrap-up

PrintNightmare Rapid7 security researchers Christophe De La Fuente, and Spencer McIntyre, have added a new module for CVE-2021-34527, dubbed PrintNightmare. This module builds upon the research of Xuefeng Li, Zhang Yunhai, Zhiniang Peng, Zhipeng Huo, and cube0x0. The module triggers a remote DLL...

9.3 CVSS, 0.1 AI score, 0.99759 EPSS
Exploits: 75
Rapid7 Blog
added 2021/07/08 8:0 p.m., 64 views

Apple Silicon Support on Insight Agent

We are pleased to announce the general availability of native support of Apple Silicon chips for the Rapid7 Insight Agent! The Insight Agent has been fully validated and tested to run on the new Apple Silicon systems natively, and does not require Rosetta 2 to install or operate. This ensures...

0.6 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/08 6:14 p.m., 55 views

What's New in InsightIDR: Q2 2021 in Review

This year, we’re focusing on providing customers with more extensibility and customization in InsightIDR — from adding new event sources to completely refreshing our Dashboard and Reporting experience, we’ve made some strides over the last few months. This post offers a closer look at some of the...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/08 1:5 p.m., 202 views

Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 2

I have logs on my mind right now, because every spring, as trees that didn’t survive the winter are chopped down, my neighbor has truckloads of them delivered to his house. All the logs are eventually burned up in his sugar house and used to make maple syrup, and it reminds me that I have some lo...

6.5 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/07 6:7 p.m., 31 views

[Security Nation] Jonathan Cran on demystifying startup funding for security companies

In this episode of Security Nation, we’re joined by Jonathan Cran. We wade into uncharted territory with Jonathan, as he claims the title of...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/07 1:10 p.m., 46 views

Introducing InsightCloudSec

A little over a year ago, when DivvyCloud first combined forces with Rapid7, I wrote that we did it because of culture, technology alignment, and the opportunity to drive even greater innovation in cloud security. Those core values remain true, and so does something else. As more organizations...

7.4 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/07 1:5 p.m., 128 views

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers Jonathan Peterson, Aaron Herndon, Cale Black, Ryan Villarreal, and William Vu. These vulnerabilities were reported to Sage according to Rapid7's usual vulnerability disclosure process and were fixed in recent releases fo...

1.4 AI score, 0.70268 EPSS
Exploits: 9
Rapid7 Blog
added 2021/07/06 5:57 p.m., 51 views

Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 1

New to writing regular expressions? No problem. In this two-part blog series, we’ll cover the basics of regular expressions and how to write regular expression statements (regex) to extract fields from your logs while using the custom parsing tool. Like learning any new language, getting started ca...

6.7 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/06 3:15 p.m., 45 views

Once Again, Rapid7 Named a Leader in 2021 Gartner Magic Quadrant for SIEM

Rapid7 is elated for InsightIDR to be recognized as a Leader in the 2021 Gartner Magic Quadrant for Security Information and Event Management (SIEM). This is the second consecutive time our SaaS SIEM—InsightIDR—has been named a Leader in this report. Access the full complimentary report from us her...

7 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/06 1:40 p.m., 57 views

Automated remediation level 4: Actual automation

Let’s get to automatically remediating already! This entry will be the last in our series based on The 4 Levels of Automated Remediation. After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let...

0.3 AI score
Exploits: 0
Rapid7 Blog
added 2021/07/02 6:44 p.m., 191 views

Metasploit Wrap-Up

Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker...

9.3 CVSS, 0.6 AI score, 0.9857 EPSS
Exploits: 52
Rapid7 Blog
added 2021/06/30 6:15 p.m., 352 views

CVE-2021-34527 (PrintNightmare): What You Need to Know

Vulnerability note: This blog originally referenced CVE-2020-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675. This wa...

9.3 CVSS, 0.5 AI score, 0.99759 EPSS
Exploits: 75
Rapid7 Blog
added 2021/06/30 3:26 p.m., 289 views

ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know

On June 29, 2021, security researcher Michael Stepankin (@artsploit) posted details of CVE-2021-35464, a pre-auth remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many...

1.3 AI score, 0.99999 EPSS
Exploits: 8
Rapid7 Blog
added 2021/06/29 7:4 p.m., 31 views

#Rapid7Life Belfast: Why I Joined

Starting a new job at a new company can be daunting, particularly during a global pandemic. With interviews via Zoom, onboarding gone remote, first days at home instead of in a brand new office, and so many other shifts since the onset of the pandemic, switching jobs and companies is probably not...

7.1 AI score
Exploits: 0
Rapid7 Blog
added 2021/06/28 1:0 p.m., 107 views

Automated remediation level 3: Governance and hygiene

Mold it, make it, just don’t fake it At a quick glance, it seems like the title of this blog is “government hygiene.” Most likely, that wouldn’t be a particularly exciting read, but we’re hoping you might be engaged enough to gain a few takeaways from this fourth piece in our series on automating...

0.1 AI score
Exploits: 0
Rapid7 Blog
added 2021/06/25 7:5 p.m., 50 views

3 Takeaways From The 2021 VDBIR: It’s An Appandemic

VDBIR Overview “Appandemic” sounds a bit like “appendectomy.” From a societal standpoint, it’s almost as alarming — if not more so — as the surgical procedure is from a personal standpoint. Because in the midst of the global pandemic we’ve all experienced over the past year and a half, web...

Exploits: 0
Rapid7 Blog
added 2021/06/25 4:15 p.m., 161 views

Metasploit Wrap-Up

Cisco ‘Sploits This week’s Metasploit Framework release brings two modules that target Cisco products. The first module, written by our very own jheysel-r7, targets an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform. Vulnerable versions of the Cisco HyperFlex software...

10 CVSS, 0.6 AI score, 0.85649 EPSS
Exploits: 12
Rapid7 Blog
added 2021/06/25 1:0 p.m., 52 views

Kill Chains: Part 3→What’s Next

Life, the Universe, and Kill Chains As the final entry in this blog series, we want to quickly recap what we have previously discussed and also look into the possible future of kill chains. If you haven’t already done so, please make sure to read the previous 2 entries in this series: Kill chains...

0.3 AI score
Exploits: 0
Rapid7 Blog
added 2021/06/23 6:50 p.m., 60 views

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device. This is an instance of CWE-798: Use of Hard-coded Credentials, and has an estimated CVSSv3 score of 9.1...

6.9 CVSS, 1.1 AI score, 0.00356 EPSS
Exploits: 0
Rapid7 Blog
added 2021/06/23 4:58 p.m., 36 views

Don Spies and Kim Grauer on tracking illicit Bitcoin transactions

In this episode of Security Nation, we’re joined by Don Spies and Kim Grauer of Chainalysis. They discuss the relationship between ransomware and cryptocurrency and how Chainalysis leverages unique characteristics of the latter to combat the former. Stick around for our Rapid Rundown, where Tod a...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2021/06/23 3:59 p.m., 56 views

Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools

Rapid7 has joined a statement from members of the cybersecurity community cautioning against using Section 1201 of the Digital Millennium Copyright Act (DMCA) to suppress beneficial security tools. In the past, Rapid7 has written extensively about DMCA Sec. 1201’s impact on performing independent...

7.6 AI score
Exploits: 0
Rapid7 Blog
added 2021/06/23 2:4 p.m., 40 views

InsightVM Release Announcement: Global Dashboard Filters

InsightVM users have been able to create dashboards, add different visualizations in the form of cards and apply filters to these cards. Rapid7 also provided dashboard templates which enabled users to create views focusing on scenarios such as Microsoft’s Patch Tuesday, identifying and assessing...

7.3 AI score
Exploits: 0
Total number of security vulnerabilities: 1723