Securing Kubernetes Deployments From Runway to Takeoff
Kubernetes use is rising rapidly—according to a 2019 Cloud Native Computing Foundation (CNCF) survey, 78% of respondents say they use Kubernetes today, 58% more respondents than the previous year. With numbers like those, it looks like everyone is headed toward the cloud. But as with any journey, yo...
Grow, Develop, and Impact More Than Just Your Career: Software Engineering at Rapid7 Belfast
Growth and learning – in any career at any level – are imperative for job satisfaction and company commitment. While it is necessary to have inherent curiosity as well as a desire to grow and achieve, it is also important to work for an organization that encourages and enables this curiosity and...
Metasploit Wrap-Up
Operations shell. Operations and management software makes a popular target because its users typically have elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations (vROps) Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the...
DevSecOps and the New Scope of Application Development
Hand in hand: application development and application security. As expectations of developers change, so too do those of security teams. It’s more of a collective effort than ever as business dependence on applications continues to grow. Security must shift further left into the software developme...
[Security Nation] Marina Ciavatta and int eighty Put the Fun into Hacking With Hacking Esports and Dual Core Music
In this episode of Security Nation, we are joined by Marina Ciavatta and int eighty to talk about Hacking...
What's New in DivvyCloud by Rapid7: April 2021
Keeping you on scheduler. The latest release of DivvyCloud, 21.3, encompasses many of the standard changes that we include in each major release, from bug fixes to support for new cloud resources to new filters and other enhancements. As always, all the details are available in the release notes...
Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500
This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Kwan Lin. We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also...
What’s New in InsightVM: Q1 2021 in Review
Are you ready to return to the office? At many companies around the world, plans are being put into place for a phased workforce return to physical offices. With big moves come big changes, which inevitably reveal new vulnerabilities. For many across the security landscape, it’s as if hundreds of...
Metasploit Wrap-Up
Nagios modules. Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...
MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” This is possibly the most overlooked aspect of selecting an MDR partner. But when you get to a hair-on-fire,...
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, April 20, 2021, security firm FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN. According to FireEye’s analysis, threat actors have been leveraging multiple techniques to bypass single- and multi-factor authentication on Puls...
The Future is Friction-Free: Drive Innovation With DevOps + Security
Going from a centralized security group that dictates a “command and control” approach to cloud security toward a model of “trust but verify,” is at the core of the modern shift toward security-practice democratization. Organizational practices behind legacy, centralized data centers are being...
Rapid7 and Velociraptor Join Forces
Exciting news! Rapid7 has acquired a digital forensics and incident response (DFIR) framework. Velociraptor is an open-source project that allows for hunting across thousands of hosts to provide actionable data in minutes and unprecedented visibility into the state of endpoints. A cyberattack can...
Overview of the EU’s draft NIS 2 Directive
Anticipating stronger security requirements for critical EU sectors. A PDF copy of this brief is available here. The EU Commission recently proposed a revision to its Directive on Security of Network and Information Systems (NIS). The existing NIS Directive (“NIS 1”) requires EU Member States to enact...
How to Turbocharge Your Phishing Response Plan
A quick reaction to a phishing threat can mean the difference between a massive breach or a fast fix. This reaction typically requires strong coordination across non-tech employees and their teammates over in security who can help them verify and conquer phishing campaigns. In any organization wi...
Rapid7 Announces Kubernetes Integration General Availability in InsightVM
Rapid7 is excited to announce the general availability of our Kubernetes integration in InsightVM, our vulnerability management tool. This represents a step forward in Rapid7’s ability to provide vulnerability and remediation management capabilities for container environments. Kubernetes is the mo...
Metasploit Wrap-Up
Google Chrome exploits return. Community member r4j0x00 contributed a new module for CVE-2020-16040, an integer overflow in the SimplifiedLowering phase of TurboFan in Google Chrome <= 87.0.4280.66 that grants attackers RCE. Whilst the exploit in and of itself does not grant RCE by default, unless...
Codecov Discloses Supply Chain Compromise
The following blog was co-authored by Curt Barnard and Caitlin Condon. On April 15, 2021, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization, enabling the...
MDR Vendor Must-Haves, Part 7: Managed Response Actions
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Security teams face unprecedented challenges as the threat landscape expands in scope and complexity. More...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
Today, we are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...
Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM
Security teams often struggle to demonstrate the efficacy and progress of their organization’s vulnerability and remediation management program. This is a result of the complexity around identifying, collecting, and visualizing complicated metrics. InsightVM’s Executive Summary Report has proved ...
How Philip Reiner Created the Ransomware Task Force
In our latest episode of Security Nation, we talk to Philip Reiner about his work with the Ransomware Task Force. Stick around for our Rapid Rundown, where Tod talks about a recently released bulletin from CISA about APT exploiting both new and old SAP vulnerabilities. Want More Inspiring Stories...
Patch Tuesday - April 2021
Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical...
CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)
Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS, which could result in information disclosure issues involving the Automox infrastructure. CVE-2021-26908 describes a vulnerability where Automox Agent improperly logs sensitive information on...
MDR Must-Haves, Part 6: Threat Validation and Detailed Reporting
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Engaging a managed security service provider—either a traditional MSSP or MDR provider—should never involve...
Metasploit Wrap-Up
Spilling the Gitea. We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user’s ability to create Git hooks by authenticating with the web interface, creating a dummy...
MDR Vendor Must-Haves, Part 5: Multiple Threat Detection Methodologies, Including Deep Attacker Behavior Analysis
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) service providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Let’s start with an analogy: Say you’re a fisherman out on a mission to specifically catch tuna. You thr...
What’s New in InsightIDR: Q1 2021 in Review
Back at the start of the year, we reflected on some of our 2020 InsightIDR product investments and took a look at what was ahead in 2021 (see the blog here). As the first quarter of the year comes to a close, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR,...
Attackers Targeting Fortinet Devices and SAP Applications
The following blog was co-authored by Caitlin Condon and Bob Rudis, also known in his own words as “some caveman from Maine.” Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint alert to warn users that APT threat actors were likely exploiting...
Kubernetes Namespaces Are Not as Secure as You Think
In a previous article, we described how the usage of namespaces in Kubernetes significantly simplifies the management of a Kubernetes cluster. However, managing multiple microservices on the same cluster comes with a security cost when not planned correctly. A common misconception around namespac...
Looking Back and Moving Forward With Rapid7’s Cloud Security Solution
This blog post was co-authored by Jamie Gale and Charles Stokes. Done with Q1. The DivvyCloud by Rapid7 team has had a busy and productive start to 2021, and we anticipate that the rest of this year will be equally exciting for our valued customers. In the first three months alone, we incorporated...
Security Isn’t a Four-Letter Word: How Infrastructure as Code (IaC) Amplifies DevOps Through the Inclusion of Security
Our fast-paced lives are fueled by innovative, cloud-native companies. We are able to watch our favorite programs and movies from anywhere in the world on any device. We are able to collaborate with our colleagues on an upcoming presentation, regardless of whether we’re in the office or at home...
A Quick Look Into Cloud Infrastructure Entitlement Management (CIEM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
A Quick Look Into Cloud Workload Protection Platforms (CWPPs)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
MDR Vendor Must-Haves, Part 4: Ingestion of Authentication Data Across Local, Domain, and Cloud Sources
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There isn’t a single threat or breach that doesn’t involve attackers using legitimate credentials to cause harm...
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500
Today, Rapid7 released the first in our all-new Industry Cyber-Exposure Report (ICER) series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not...
A Quick Look Into Cloud Security Posture Management (CSPM)
The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security...
InsightIDR’s Log Search: Recent Enhancements and Upcoming Investments
Log data is critical to ensuring that you have full visibility into what’s going on across your environment. Alongside endpoint and network data, log data enables teams to detect malicious activity, prove compliance, and have better visibility across their environment. Within InsightIDR, our Log...
What’s New in InsightAppSec and tCell: Q1 2021 in Review
2021 is off and running! The big question on the corporate world’s mind is, of course, “What will work life look like at the end of 2021?” With vaccines rolling out around the world, another shift is set to take place around when and where people put in their hours. As offices slowly start to...
Metasploit Wrap-Up
Sprinkle on the Modules. The first quarter of 2021 has given us wave after wave of Exchange vulnerabilities, and while our awesome contributors helped us continue coverage with another Exchange module we were able to add to Metasploit, we also added modules covering very heavy-hitting...
[Security Nation] Beau Woods and Fotios Chantzis Discuss Their New Book, "Practical IoT Hacking"
In our latest episode of Security Nation, we speak with Beau Woods and Fotios Chantzis about their newly released book, "Practical IoT Hacking." Stick...
MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” By the time you’re ready to invest in an MDR service, you’ve likely already invest...
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness. Fixes for these weaknesses are in Orion Platform 2020.2.5. Given the...
MDR Vendor Must-Haves, Part 2: Ingestion of Network Device Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There are many factors to consider when assessing which MDR vendor is the right f...
Metasploit Wrap-Up
ProxyLogon. More Microsoft news this week! Firstly, a big thank you to community contributors GreyOrder, Orange Tsai, and mekhalleh (RAMELLA Sébastien), who added three new modules that allow an attacker to bypass authentication and impersonate an administrative user (CVE-2021-26855) on vulnerable...
DivvyCloud Adds Support for IAM Analyzer Policy Recommendations
Last week, Amazon Web Services (AWS) announced an improvement to its IAM Access Analyzer that allows its users to proactively analyze and validate Identity & Access Management (IAM) policies against more than 100 checks and receive actionable recommendations on improving their security and efficacy. By...
Attack vs. Data: What You Need to Know About Threat Hunting
Mitigate threats by going on the offensive. While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from. In order to...
Rapid7 Recognized as a Strong Performer in the Inaugural Forrester Wave™ for MDR, Q1 2021
Independent research firm cites Rapid7 MDR’s “security professionals with extensive incident response and threat hunting experience” delivering a “white-glove, behavioral detection-inspired” service. Detection and response is a critical component to any security program, but standing up an...
MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Assessing MDR vendors is no easy task. However, evaluating each based on...