Attack Surface Analysis Part 3: Red and Purple Teaming
Part 3: Red and Purple Teaming This is the third and final installment in our 2021 series around attack surface analysis. In part 1 I described vulnerability assessment and the value and challenge of conducting it. Part 2 explored the why and how of conducting penetration testing and gave some tips...
Automated remediation level 2: Best practices
A low-impact workaround When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process. This framework aligns with the Center for Internet Security Amazon...
Metasploit Wrap-Up
I'm very Emby-ous Community contributor btnz-k has authored a new Emby Version Scanner module consisting of both an exploit and a scanner for the SSRF vulnerability found in Emby. Emby is a previously open source media server designed to organize, play, and stream audio and video to a variety of...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard
Today, Rapid7 released the fourth in our Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-scale findings, but not so fast!...
Attack Surface Analysis Part 2: Penetration Testing
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. This is the second installment in our 2021 series around attack surface...
Automated remediation level 1: Lock down fundamentals
Non-calamitous conclusions When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
Attack Surface Analysis Part 1: Vulnerability Scanning
In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. We’ll start with vulnerability assessment below. BREACH!!! A word you may hea...
[Security Nation] Jeff Man on Mapping the MITRE ATT&CK Framework Against PCI
In this episode of Security Nation, we are joined by Jeff Man, who discusses his work mapping the MITRE ATT&CK Framework against PCI. Stick around f...
Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)
Over the course of routine security research, Rapid7 researchers discovered that the Akkadian Provisioning Manager version 4.50.18, a provisioning solution for a Cisco Unified Communications environment, has a trio of vulnerabilities, which, when combined, can lead to remote code execution on the...
Patch Tuesday - June 2021
It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation CVE-2021-31955, CVE-2021-31956,...
Action! Start putting automation into practice.
Augmented reality No, not that augmented reality. In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business. We’ll discuss how it can augment a security organization’s workflow in so many ways when don...
Kill chains: Part 2→Strategic and tactical use cases
Let’s redefine In our new blog series, we want to contextualize the term “kill chain” as much as possible. Make sure to read the first entry in this series, Kill chains: Part 1→Strategic and operational value, for a general overview of kill chains and the specific frameworks we’ve discussed. We...
Metasploit Wrap-Up
SuiteCRM Log File RCE First time Metasploit Framework contributor mcorybillington has added a new module for SuiteCRM versions 7.11.18 and below. This module takes advantage of the input validation being case sensitive, allowing for an authenticated user to rename the SuiteCRM log file to have an...
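The flaw described above is a filename check that compares case-sensitively, so an extension written in a different case passes a blocklist that would otherwise reject it. The following is an added example, not SuiteCRM's code (SuiteCRM is written in PHP; the check is shown here in Python because the logic is language-independent). The extension lists and file names are constructed for illustration and are assumptions, not the values the module targets.

```python
import os

# Constructed lists for the example; not SuiteCRM's configuration.
BLOCKED_EXTENSIONS = {".php", ".phtml", ".phar"}   # server-executable, must never be writable by users
ALLOWED_EXTENSIONS = {".log", ".txt"}              # what a rename of a log file legitimately needs


def is_allowed_name_vulnerable(filename: str) -> bool:
    """Blocklist compared case-sensitively.

    ".PHP" is not in the set, so the check is bypassed simply by changing the case
    of the extension. A double extension such as "x.php.log" also passes because
    only the final extension is inspected.
    """
    _, ext = os.path.splitext(filename)
    return ext not in BLOCKED_EXTENSIONS


def is_allowed_name_hardened(filename: str) -> bool:
    """Allowlist on a normalised name.

    1. Reject any directory component (no traversal via '../' or '..\\').
    2. Lower-case before comparing, so case variants collapse to one value.
    3. Require the final extension to be on a short allowlist.
    4. Reject any dotted segment that is itself a blocked extension, which
       defeats "name.php.log" style tricks on servers that honour inner extensions.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name in ("", ".", ".."):
        return False
    lowered = name.lower()
    _, ext = os.path.splitext(lowered)
    if ext not in ALLOWED_EXTENSIONS:
        return False
    for segment in lowered.split(".")[1:]:
        if "." + segment in BLOCKED_EXTENSIONS:
            return False
    return True


def compare(names):
    """Return {name: (vulnerable_result, hardened_result)} for a list of names."""
    return {n: (is_allowed_name_vulnerable(n), is_allowed_name_hardened(n)) for n in names}


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate rename, the obvious attack,
    # the case-variant bypass, a double extension and a traversal attempt.
    for name, (vuln, hard) in compare(
        ["suitecrm.log", "suitecrm.php", "suitecrm.PHP", "x.php.log", "../suitecrm.log"]
    ).items():
        print(f"{name:20} vulnerable={vuln!s:5} hardened={hard}")
```

The hardened variant deliberately flips the design from "reject what we know is bad" to "accept only what we know is needed"; a blocklist has to anticipate every spelling and every server-side extension mapping, whereas an allowlist of one or two extensions does not.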
All about the boundaries: The cloud IAM lifecycle approach
The flightpath If your organization has ever thrown up its collective hands in frustration over chasing endless permissions to be verified or been asked to increase the number of identity policies as you scale up further into the cloud, you likely know how quickly this “situation” can lead to...
Proposed security researcher protection under CFAA
Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. One way we take action on this value is by supporting protection for security researchers acting in good faith. We have spoken out on this...
Supreme Court narrows CFAA
The US Supreme Court issued its long-awaited-by-cybersecurity-nerds opinion on Van Buren v. United States. The case examined whether it was a violation of the Computer Fraud and Abuse Act CFAA for a police officer to access a law enforcement database to obtain information, which the officer then...
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...
Rapid7 Named a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing
Rapid7 is excited to share that we have been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing AST We are so excited to share the news that Rapid7 has been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing.Thi...
Creating coefficiency: DevOps, Security, and Compliance
Secure IaC Infrastructure-as-code IaC is a powerful partnership accelerator. As businesses and organizations scale into the cloud to realize its full production-enablement potential, security often struggles to keep up. The ultimate goal on the security horizon is, of course, to prevent risks and...
How the Biden Administration's cybersecurity order will affect companies
“It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The Biden Administration recently issued Executive Order EO 14028, “Improving the Nation’s Cybersecurity,” to...
Metasploit Wrap-Up
RCE Exploit For CVE-2020-0796 SMBGhost This week our very own Spencer McIntyre has added an exploit for CVE-2020-0796, which leverages a vulnerability within the Microsoft Server Message Block 3.1.1 SMBv3 protocol to gain unauthenticated remote code execution against unpatched Windows 10 v1903 an...
5 questions to answer before spending big on cloud security
Do your tool diligence Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process. Every so often, be it in 6 months, 1 year, or 2 years, your security organization will have to pitch to the check-writers all over again. Of course, we all know it’s...
Kill chains: Part 1→Strategic and operational value
It really is a good thing The term “kill chain” sounds extremely harsh. Almost as if after something is killed, it gets moved down the chain to be killed again. How dramatic! Indeed, the original definition was to describe how an enemy combatant of the military might attack; that is, the steps th...
[Security Nation] How Robert Black Wards Off Cyber-Attackers with Deception Techniques
In our latest episode of Security Nation, we talk with Robert Black, Deputy Director of the UK National Cyber Deception Lab, about his wor...
CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability
On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client HTML5 component of vCenter Server 6.5, 6.7, and 7.0 and VMware Cloud Foundation 3.x and 4.x. The vulnerabilit...
Reducing Risk With Identity Access Management (IAM)
A cloudy picture of identity and access As your supply chain grows, so does your attack surface. As business scales up and cloud providers release new services and resources to support, it becomes exponentially more challenging for security teams to manage access. With this growth, an intrinsic —...
Metasploit Wrap-Up
Dell DBUtil23.sys IOCTL memmove privilege escalation Our very own zeroSteiner added a new module, which exploits insufficient access control in Dell's dbutil23.sys firmware update driver included in the Dell Bios Utility that comes pre-installed with most Windows machines. The driver accepts...
Want to stay ahead of emerging threats? Here’s how.
Are you working with good information? A key question security organizations might ask themselves with regard to emerging — or imminent — threats: Are the systems we have logging the correct information? They may need that information to hunt threats or to reconstruct what an attacker did while...
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Every major corporation on Earth is a technology company. It is unthinkable that a business that generates billions of dollars in revenue and employs thousands of workers would not have a significa...
Calling for cybersecurity in infrastructure modernization
Yesterday, Rapid7 sent a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation. The letter was signed by 19 companies, industry associations, and nonprofit groups who collaborated on the recommendations. The letter...
How to Implement Secure and Compliant IaC
Success lies in security True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security...
A Look Into Remote Onboarding at Rapid7
Picture this: you accept a new role and walk in on your first day with jitters. You swing the double doors open and are welcomed by the fresh scent of kombucha on tap and the buzz of office chatter. The front desk receptionist welcomes you with a warm “hello!” and a freshly brewed tea or coffee. ...
How to Address the Current Complexity and Chaos of Cloud IAM
Cloudy judgement Combining the separate themes of cloud technology and identity access management IAM might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, securi...
Metasploit Wrap-Up
Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Tom Sellers. There are certain services that are generally considered to be high-risk when found available on the public internet. As an exampl...
Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help
As the attack surface continues to grow, the job of a security professional is getting exponentially more complicated. With the surge in remote work over the last year, this has only accelerated. To keep up and combat key security operations challenges, many organizations are making the move to t...
Rapid7’s Response to Codecov Incident
Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard...
[Security Nation] Megan Stifel and Ciaran Martin discuss the sticky issue of ransomware payments
In this episode of Security Nation, we are joined by Ciaran Martin of Oxford University and Megan Stifel of the Cyber Global...
How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs
Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ formerly CBS All Access streaming platform. Delivering digital content to millions of users on a daily basis doesn’t happen on its own—it makes it to...
Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...
Patch Tuesday Dashboard Template Release
We know that many security teams rely on Microsoft’s patch cycle to remediate vulnerabilities in their environments. However, every month, Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these...
MDR Vendor Must-Haves, Part 10: Included Security Orchestration and Automation
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Cybersecurity teams continue to be challenged by resource constraints and disconnected toolsets. One method of...
Metasploit Wrap-Up
Two new Active Directory attacks This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services VAS as Active Directory integration solutions. The new UNIX Gather...
The Evolution of DevOps in 2021
DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...
MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Every organization is unique, with different goals, missions, security maturities, staffing models, technologies...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...
4 DevOps Challenges to Cloud Security and Compliance—and How IaC Can Help
To react or to prevent? The term “cure” is generally a positive one. However, in cloud security, it assumes a reactive position to some vulnerability or breach that’s already taken place. When it comes down to it, DevOps and Security teams—we all hope—are working together toward a culture of...
Kubernetes Security Is Not Container Security
Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...