
1723 matches found

Rapid7 Blog
added 2021/06/22 4:0 p.m., 49 views

Attack Surface Analysis Part 3: Red and Purple Teaming

Part 3: Red and Purple Teaming This is the third and final installment in our 2021 series around attack surface analysis. In part 1 I offered a description and the value and challenge of vulnerability assessment. Part 2 explored the why and how of conducting penetration testing and gave some tips...

AI score: 6.6
Exploits: 0
Rapid7 Blog
added 2021/06/22 1:0 p.m., 45 views

Automated remediation level 2: Best practices

A low-impact workaround When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process. This framework aligns with the Center for Internet Security Amazon...

AI score: 0.5
Exploits: 0
Rapid7 Blog
added 2021/06/18 4:46 p.m., 402 views

Metasploit Wrap-Up

I'm very Emby-ous Community contributor btnz-k has authored a new Emby Version Scanner module consisting of both an exploit and a scanner for the SSRF vulnerability found in Emby. Emby is a previously open source media server designed to organize, play, and stream audio and video to a variety of...

CVSS: 9, EPSS: 0.87154
Exploits: 15
Rapid7 Blog
added 2021/06/17 12:8 p.m., 42 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Today, Rapid7 released the fourth in our Industry Cyber-Exposure Report (ICER) series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not so fast!...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2021/06/15 1:0 p.m., 38 views

Attack Surface Analysis Part 2: Penetration Testing

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. This is the second installment in our 2021 series around attack surface...

AI score: 7.6
Exploits: 0
Rapid7 Blog
added 2021/06/14 2:10 p.m., 40 views

Automated remediation level 1: Lock down fundamentals

Non-calamitous conclusions When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...

AI score: 0.8
Exploits: 0
Rapid7 Blog
added 2021/06/11 7:51 p.m., 91 views

Metasploit Wrap-Up

NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...

CVSS: 10, AI score: 0.6, EPSS: 0.99999
Exploits: 6
Rapid7 Blog
added 2021/06/10 1:0 p.m., 189 views

Attack Surface Analysis Part 1: Vulnerability Scanning

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. We’ll start with vulnerability assessment below. BREACH!!! A word you may hea...

AI score: 0.1
Exploits: 0
Rapid7 Blog
added 2021/06/09 5:25 p.m., 36 views

[Security Nation] Jeff Man on Mapping the MITRE ATT&CK Framework Against PCI

In this episode of Security Nation, we are joined by Jeff Man, who discusses his work mapping the MITRE ATT&CK Framework against PCI. Stick around f...

AI score: 0.7
Exploits: 0
Rapid7 Blog
added 2021/06/08 2:0 p.m., 109 views

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Over the course of routine security research, Rapid7 researchers discovered that the Akkadian Provisioning Manager version 4.50.18, a provisioning solution for a Cisco Unified Communications environment, has a trio of vulnerabilities, which, when combined, can lead to remote code execution on the...

AI score: 1.6, EPSS: 0.03023
Exploits: 3
Rapid7 Blog
added 2021/06/08 10:0 a.m., 100 views

Patch Tuesday - June 2021

It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation CVE-2021-31955, CVE-2021-31956,...

CVSS: 9.3, AI score: 1.3, EPSS: 0.86132
Exploits: 77
Rapid7 Blog
added 2021/06/07 7:46 p.m., 126 views

Action! Start putting automation into practice.

Augmented reality No, not that augmented reality. In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business. We’ll discuss how it can augment a security organization’s workflow in so many ways when don...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2021/06/07 1:0 p.m., 42 views

Kill chains: Part 2→Strategic and tactical use cases

Let’s redefine In our new blog series, we want to contextualize the term “kill chain” as much as possible. Make sure to read the first entry in this series, Kill chains: Part 1→Strategic and operational value, for a general overview of kill chains and the specific frameworks we’ve discussed. We...

Exploits: 0
Rapid7 Blog
added 2021/06/04 7:11 p.m., 87 views

Metasploit Wrap-Up

SuiteCRM Log File RCE First time Metasploit Framework contributor mcorybillington has added a new module for SuiteCRM versions 7.11.18 and below. This module takes advantage of the input validation being case sensitive, allowing for an authenticated user to rename the SuiteCRM log file to have an...

CVSS: 9, AI score: 1, EPSS: 0.8633
Exploits: 19
Rapid7 Blog
added 2021/06/04 4:40 p.m., 31 views

All about the boundaries: The cloud IAM lifecycle approach

The flightpath If your organization has ever thrown up its collective hands in frustration over chasing endless permissions to be verified or been asked to increase the number of identity policies as you scale up further into the cloud, you likely know how quickly this “situation” can lead to...

AI score: 0.8
Exploits: 0
Rapid7 Blog
added 2021/06/04 2:46 p.m., 33 views

Proposed security researcher protection under CFAA

Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. One way we take action on this value is by supporting protection for security researchers acting in good faith. We have spoken out on this...

AI score: 6.9
Exploits: 0
Rapid7 Blog
added 2021/06/03 7:41 p.m., 41 views

Supreme Court narrows CFAA

The US Supreme Court issued its long-awaited-by-cybersecurity-nerds opinion on Van Buren v. United States. The case examined whether it was a violation of the Computer Fraud and Abuse Act (CFAA) for a police officer to access a law enforcement database to obtain information, which the officer then...

AI score: 6.8
Exploits: 0
Rapid7 Blog
added 2021/06/02 9:4 p.m., 226 views

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...

AI score: 0.2, EPSS: 0.03307
Exploits: 2
Rapid7 Blog
added 2021/06/01 3:8 p.m., 124 views

Rapid7 Named a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing

Rapid7 is excited to share that we have been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing (AST). We are so excited to share the news that Rapid7 has been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing. Thi...

AI score: 0.3
Exploits: 0
Rapid7 Blog
added 2021/06/01 1:32 p.m., 37 views

Creating coefficiency: DevOps, Security, and Compliance

Secure IaC: Infrastructure-as-code (IaC) is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...

AI score: 0.1
Exploits: 0
Rapid7 Blog
added 2021/06/01 12:30 p.m., 39 views

How the Biden Administration's cybersecurity order will affect companies

“It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The Biden Administration recently issued Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” to...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2021/05/28 3:42 p.m., 667 views

Metasploit Wrap-Up

RCE Exploit For CVE-2020-0796 (SMBGhost): This week our very own Spencer McIntyre has added an exploit for CVE-2020-0796, which leverages a vulnerability within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol to gain unauthenticated remote code execution against unpatched Windows 10 v1903 an...

CVSS: 7.5, AI score: 0.3, EPSS: 0.9981
Exploits: 142
Rapid7 Blog
added 2021/05/28 2:18 p.m., 38 views

5 questions to answer before spending big on cloud security

Do your tool diligence Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process. Because every so often be it in 6 months, 1 year, 2 years, your security organization will have to pitch to the check-writers all over again. Of course, we all know it’s...

AI score: 0.1
Exploits: 0
Rapid7 Blog
added 2021/05/27 2:1 p.m., 43 views

Kill chains: Part 1→Strategic and operational value

It really is a good thing The term “kill chain” sounds extremely harsh. Almost as if after something is killed, it gets moved down the chain to be killed again. How dramatic! Indeed, the original definition was to describe how an enemy combatant of the military might attack; that is, the steps th...

AI score: 7.7
Exploits: 0
Rapid7 Blog
added 2021/05/26 7:58 p.m., 33 views

[Security Nation] How Robert Black Wards Off Cyber-Attackers with Deception Techniques

In our latest episode of Security Nation, we talk with Robert Black, Deputy Director of the UK National Cyber Deception Lab, about his wor...

AI score: 1.1
Exploits: 0
Rapid7 Blog
added 2021/05/26 6:57 p.m., 564 views

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability

On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client HTML5 component of vCenter Server 6.5, 6.7, and 7.0 and VMware Cloud Foundation 3.x and 4.x. The vulnerabilit...

CVSS: 10, AI score: 0.8, EPSS: 0.99999
Exploits: 58
Rapid7 Blog
added 2021/05/24 2:58 p.m., 30 views

Reducing Risk With Identity Access Management (IAM)

A cloudy picture of identity and access As your supply chain grows, so does your attack surface. As business scales up and cloud providers release new services and resources to support, it becomes exponentially more challenging for security teams to manage access. With this growth, an intrinsic —...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2021/05/21 7:11 p.m., 141 views

Metasploit Wrap-Up

Dell DBUtil23.sys IOCTL memmove privilege escalation Our very own zeroSteiner added a new module, which exploits insufficient access control in Dell's dbutil23.sys firmware update driver included in the Dell Bios Utility that comes pre-installed with most Windows machines. The driver accepts...

CVSS: 9.3, AI score: 0.7, EPSS: 0.99295
Exploits: 103
Rapid7 Blog
added 2021/05/21 6:45 p.m., 49 views

Want to stay ahead of emerging threats? Here’s how.

Are you working with good information? A key question security organizations might ask themselves with regard to emerging — or imminent — threats: Are the systems we have logging the correct information? They may need that information to hunt threats or to reconstruct what an attacker did while...

AI score: 7.2
Exploits: 0
Rapid7 Blog
added 2021/05/21 2:0 p.m., 27 views

Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Every major corporation on Earth is a technology company. It is unthinkable that a business that generates billions of dollars in revenue and employs thousands of workers would not have a significa...

AI score: 0.1
Exploits: 0
Rapid7 Blog
added 2021/05/21 9:0 a.m., 26 views

Calling for cybersecurity in infrastructure modernization

Yesterday, Rapid7 sent a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation. The letter was signed by 19 companies, industry associations, and nonprofit groups who collaborated on the recommendations. The letter...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2021/05/19 6:9 p.m., 40 views

How to Implement Secure and Compliant IaC

Success lies in security True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security...

AI score: 0.7
Exploits: 0
Rapid7 Blog
added 2021/05/18 7:21 p.m., 23 views

A Look Into Remote Onboarding at Rapid7

Picture this; you accept a new role and walk in on your first day with jitters. You swing the double doors open and are welcomed by the fresh scent of kombucha on tap and the buzz of office chatter. The front desk receptionist welcomes you with a warm “hello!” and a freshly brewed tea or coffee. ...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2021/05/17 1:52 p.m., 44 views

How to Address the Current Complexity and Chaos of Cloud IAM

Cloudy judgement: Combining the separate themes of cloud technology and identity access management (IAM) might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, securi...

AI score: 6.6
Exploits: 0
Rapid7 Blog
added 2021/05/14 5:29 p.m., 145 views

Metasploit Wrap-Up

Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...

CVSS: 6.8, AI score: 1.2, EPSS: 0.99981
Exploits: 44
Rapid7 Blog
added 2021/05/14 2:50 p.m., 39 views

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Tom Sellers. There are certain services that are generally considered to be high-risk when found available on the public internet. As an exampl...

AI score: 0.3
Exploits: 0
Rapid7 Blog
added 2021/05/13 8:8 p.m., 35 views

Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help

As the attack surface continues to grow, the job of a security professional is getting exponentially more complicated. With the surge in remote work over the last year, this has only accelerated. To keep up and combat key security operations challenges, many organizations are making the move to t...

AI score: 6.7
Exploits: 0
Rapid7 Blog
added 2021/05/13 5:5 p.m., 106 views

Rapid7’s Response to Codecov Incident

Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard...

AI score: 0.3
Exploits: 0
Rapid7 Blog
added 2021/05/12 4:29 p.m., 56 views

[Security Nation] Megan Stifel and Ciaran Martin discuss the sticky issue of ransomware payments

In this episode of Security Nation, we are joined by Ciaran Martin of Oxford University and Megan Stifel of the Cyber Global...

AI score: 0.8
Exploits: 0
Rapid7 Blog
added 2021/05/12 2:5 p.m., 36 views

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform. Delivering digital content to millions of users on a daily basis doesn’t happen on its own—it makes it to...

AI score: 0.1
Exploits: 0
Rapid7 Blog
added 2021/05/11 11:44 p.m., 188 views

Patch Tuesday - May 2021

Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...

CVSS: 9.3, AI score: 0.5, EPSS: 0.99782
Exploits: 53
Rapid7 Blog
added 2021/05/11 8:51 p.m., 72 views

Patch Tuesday Dashboard Template Release

We know that many security teams rely on Microsoft’s patch cycle to remediate vulnerabilities in their environments. However, every month, Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these...

AI score: 7.7
Exploits: 0
Rapid7 Blog
added 2021/05/10 1:59 p.m., 136 views

MDR Vendor Must-Haves, Part 10: Included Security Orchestration and Automation

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Cybersecurity teams continue to be challenged by resource constraints and disconnected toolsets. One method of...

Exploits: 0
Rapid7 Blog
added 2021/05/07 7:41 p.m., 176 views

Metasploit Wrap-Up

Two new Active Directory attacks: This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services (VAS) as Active Directory integration solutions. The new UNIX Gather...

CVSS: 10, EPSS: 0.9674
Exploits: 22
Rapid7 Blog
added 2021/05/07 6:5 p.m., 38 views

The Evolution of DevOps in 2021

DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...

AI score: 7.1
Exploits: 0
Rapid7 Blog
added 2021/05/07 2:0 p.m., 22 views

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...

AI score: 6.8
Exploits: 0
Rapid7 Blog
added 2021/05/06 7:29 p.m., 214 views

MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Every organization is unique, with different goals, missions, security maturities, staffing models, technologies...

AI score: 7
Exploits: 0
Rapid7 Blog
added 2021/05/05 7:24 p.m., 52 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...

AI score: 0.4
Exploits: 0
Rapid7 Blog
added 2021/05/04 1:29 p.m., 39 views

4 DevOps Challenges to Cloud Security and Compliance—and How IaC Can Help

To react or to prevent? The term “cure” is generally a positive one. However, in cloud security, it assumes a reactive position to some vulnerability or breach that’s already taken place. When it comes down to it, DevOps and Security teams—we all hope—are working together toward a culture of...

AI score: 0.4
Exploits: 0
Rapid7 Blog
added 2021/05/03 10:36 p.m., 175 views

Kubernetes Security Is Not Container Security

Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...

AI score: 7.2
Exploits: 0
Total number of security vulnerabilities: 1723