
1723 matches found

Rapid7 Blog | added 2021/03/23 2:04 p.m. | 3606 views

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM. One of the major reasons these latest vulnerabilities are so dangerous and appealing to attackers is that they...

CVSS 7.5 | AI score 10 | EPSS 0.99999 | Exploits 114
Rapid7 Blog | added 2021/03/22 3:07 p.m. | 120 views

SOC Automation with InsightIDR and InsightConnect: Three Key Use Cases to Explore to Optimize Your Security Operations

You probably already know that SOC automation with InsightIDR and InsightConnect can decrease your MeanTimeToResponse. It may not be a surprise that automating your security operations will augment your team’s skills and expertise to detect and respond to threats with super speed. You can even...

AI score 0.1 | Exploits 0
Rapid7 Blog | added 2021/03/19 5:42 p.m. | 97 views

Metasploit Wrap-Up

Windows Server 2012 Fun: Community contributor Erik Wynter added a local exploit module for a DLL hijacking vulnerability he discovered in Windows Server 2012. The TiWorker.exe process that runs as NT AUTHORITY\SYSTEM attempts to load SrClient.dll, which does not exist on the system. Because of...

CVSS 10 | AI score 9.4 | EPSS 0.91303 | Exploits 10
Rapid7 Blog | added 2021/03/18 8:31 p.m. | 11 views

Top Security Trends Driving Threat Detection and Response Priorities Today

The threat landscape continues to grow at a rapid pace, and organizations need security solutions that can keep up. A modern SaaS SIEM is built in the cloud, provides extended coverage across diverse data sources, and leverages automation to expedite response and containment, making it a great to...

AI score 6.9 | Exploits 0
Rapid7 Blog | added 2021/03/18 8:19 p.m. | 224 views

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

Update March 25, 2021: CVE-2021-22986 is now being actively exploited in the wild by a range of malicious actors. Rapid7 has in-depth technical analysis on this vulnerability, including proof-of-concept code and information on indicators of compromise, available here. On March 10, 2021, F5...

AI score 0.8 | EPSS 0.99898 | Exploits 22
Rapid7 Blog | added 2021/03/16 1:02 p.m. | 46 views

Rapid7 Announces Release of New tCell Amazon CloudFront Agent

Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications. To protect web applications, security tea...

AI score 7.4 | Exploits 0
Rapid7 Blog | added 2021/03/12 9:45 p.m. | 369 views

Metasploit Wrap-Up

Archive directory traversals, now with your daily allowance of JSP: In a year already full of hot vulnerabilities, CVE-2021-21972 in VMware's vCenter Server may already seem like old news. It's not, though! Thanks to wvu-r7 for grabbing this unauthenticated file upload combined with archive...

CVSS 10 | AI score 1.5 | EPSS 0.9957 | Exploits 55
Rapid7 Blog | added 2021/03/11 1:57 p.m. | 56 views

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

2020 was a tumultuous year for vulnerability risk management. Defenders had to contend with a growing volume of high-priority security threats, many of them in internet-facing technologies deployed to enable and secure a suddenly remote workforce. New communications from the U.S. National Securit...

AI score 0.3 | Exploits 0
Rapid7 Blog | added 2021/03/10 3:38 p.m. | 52 views

InsightIDR’s NTA Capabilities Expanded to AWS

We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments. This means InsightIDR and MDR customers can now ingest detailed network data from AWS, including north/south and east/west traffic across a...

AI score 0.5 | Exploits 0
Rapid7 Blog | added 2021/03/09 10:13 p.m. | 161 views

Patch Tuesday - March 2021

Another Patch Tuesday (2021-Mar) is upon us, and with this month comes a whopping 122 CVEs. As usual, Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server...

CVSS 10 | AI score 0.6 | EPSS 0.99999 | Exploits 106
Rapid7 Blog | added 2021/03/09 3:33 p.m. | 25 views

What's New in DivvyCloud by Rapid7: February 2021 Feature Releases

February was another busy month. Internally, as we work to improve our processes, we are still committed to maintaining our frequent release cadence. Our releases, both minor and major, ensure that customers have access to valuable improvements, features, expanded support capabilities, and bug...

AI score 7.1 | Exploits 0
Rapid7 Blog | added 2021/03/08 4:51 p.m. | 117 views

How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments

This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on March 9? Register here! The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and...

AI score 7.2 | Exploits 0
Rapid7 Blog | added 2021/03/05 5:20 p.m. | 183 views

Metasploit Wrap-Up

FortiOS Path Traversal: Returning community contributor mekhalleh submitted a module targeting a path traversal vulnerability within the SSL VPN web portal in multiple versions of FortiOS. The flaw is leveraged to read the usernames and passwords of currently logged-in users, which are stored in...

CVSS 9.3 | AI score 0.6 | EPSS 0.99999 | Exploits 77
Rapid7 Blog | added 2021/03/03 7:23 p.m. | 438 views

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC) released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server. MSTIC attributes this campaign to HAFNIUM, a group “assessed to be...

CVSS 7.5 | AI score 9.4 | EPSS 0.99999 | Exploits 69
Rapid7 Blog | added 2021/03/03 2:59 p.m. | 30 views

IAM Never Gonna Give You Up, Never Gonna Breach Your Cloud

This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on Tuesday, March 9? Register here! Identity and access management (IAM) credentials have solved myriad security issues, but the recent...

Exploits 0
Rapid7 Blog | added 2021/03/03 12:41 a.m. | 1859 views

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics (ABA). The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most...

CVSS 7.5 | EPSS 0.99999 | Exploits 73
Rapid7 Blog | added 2021/03/02 7:53 p.m. | 1023 views

Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)

The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response (MDR) team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...

AI score 1.6 | EPSS 0.99999 | Exploits 71
Rapid7 Blog | added 2021/03/01 4:21 p.m. | 41 views

How to Achieve and Maintain Continuous Cloud Compliance

This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on Tuesday, March 9? Register here! There are two things that make data a hot topic. First, keeping track of your organization’s sheer...

AI score 6.9 | Exploits 0
Rapid7 Blog | added 2021/02/26 7:23 p.m. | 205 views

Metasploit Wrap-Up

Hey who finked about Flink? In this week's round of modules, contributor bcoles offered up two modules to leverage that Apache Flink install you found in some fun new ways. If you are just looking to filch a few files, auxiliary/scanner/http/apache_flink_jobmanager_traversal leverages CVE-2020-17519...

CVSS 7.2 | AI score 8.7 | EPSS 0.99295 | Exploits 95
Rapid7 Blog | added 2021/02/26 3:58 p.m. | 29 views

Celebrating Black History Today and Every Day

Black History Month is a time for every person, from all different backgrounds, to honor and celebrate the achievements of Black and African Americans in the U.S. and their impact on world history. In honor of Black History Month, we would like to recognize some of our amazing team members who hav...

AI score 7 | Exploits 0
Rapid7 Blog | added 2021/02/25 9:36 p.m. | 38 views

Building a Holistic VRM Strategy That Includes the Web Application Layer

Building security into your overall vulnerability risk management (VRM) strategy is a must-do in the age of the all-important web app. Between security and IT-Ops teams, there are a number of steps in the VRM process, including asset identification, enumeration, prioritization, and remediation. How...

Exploits 0
Rapid7 Blog | added 2021/02/25 3:14 p.m. | 87 views

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...

CVSS 10 | AI score 1.2 | EPSS 0.14359 | Exploits 0
Rapid7 Blog | added 2021/02/24 10:22 p.m. | 789 views

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

This blog post was co-authored by Bob Rudis and Caitlin Condon. What’s up? On Feb. 23, 2021, VMware published an advisory (VMSA-2021-0002) describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. Before digging into the individual vulnerabilities, it is...

CVSS 10 | AI score 0.9 | EPSS 0.9957 | Exploits 54
Rapid7 Blog | added 2021/02/24 3:30 p.m. | 18 views

Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7

At Rapid7, our software engineers defend the digital world and design the future of security. With a supportive, collaborative team, immense learning and development opportunities to fine-tune and hone in on skills and knowledge, opportunities to work with innovative technology, and the pursuance...

CVSS 3.3 | AI score 0.1 | EPSS 0.00998 | Exploits 1
Rapid7 Blog | added 2021/02/22 2:35 p.m. | 51 views

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating data as organizations adopt more tools to stay on top of their sprawling environments. And with an abundance of tools comes an abundance of alerts,...

AI score 7.2 | Exploits 0
Rapid7 Blog | added 2021/02/19 5:55 p.m. | 86 views

Metasploit Wrap-Up

GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code (GSoC) participants has authored a PR containing both enhancements & a new module! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test modul...

CVSS 10 | AI score 9.6 | EPSS 0.95657 | Exploits 21
Rapid7 Blog | added 2021/02/19 3:15 p.m. | 43 views

Take the Full-Stack Approach to Securing Your Modern Attack Surface

A growing remote-work culture demands a graduation in the approach to security. It’s time to test, monitor, secure, and extend to the application layer. A modern methodology for vulnerability management (VM) is vital for organizations looking to minimize attack surfaces by prioritizing potential...

AI score 0.4 | Exploits 0
Rapid7 Blog | added 2021/02/18 2:22 p.m. | 51 views

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...

AI score 7 | Exploits 0
Rapid7 Blog | added 2021/02/17 12:30 p.m. | 39 views

Why More Teams are Shifting Security Analytics to the Cloud This Year

As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving organizations both understaffed and overwhelmed. An ESG study found that 63% of organizations say security is more difficult than it was two years ago. Teams cite the growing...

AI score 7.7 | Exploits 0
Rapid7 Blog | added 2021/02/16 9:53 p.m. | 49 views

Monitor Google Cloud Platform (GCP) Data With InsightIDR

InsightIDR was built in the cloud to support dynamic and rapidly changing environments—including remote workers, hybrid cloud and on-premises architectures, and fully cloud environments. Today, more and more organizations are adopting multi-cloud or hybrid environments, creating increasingly more...

AI score 0.2 | Exploits 0
Rapid7 Blog | added 2021/02/12 7:26 p.m. | 178 views

Metasploit Wrap-Up

MicroFocus? More like MacroVuln. MicroFocus’s Operations Bridge Manager is a security information and event management (SIEM) tool designed to collect and parse security logs from multiple disparate sources. OBM has a large attack surface—something Pedro Ribeiro was able to take advantage of with hi...

CVSS 9 | AI score 8.8 | EPSS 0.99295 | Exploits 94
Rapid7 Blog | added 2021/02/12 2:42 p.m. | 41 views

Talkin’ SMAC: Alert Labeling and Why It Matters

If you’ve ever worked in a Security Operations Center (SOC), you know that it’s a special place. Among other things, the SOC is a massive data-labeling machine, and generates some of the most valuable data in the cybersecurity industry. Unfortunately, much of this valuable data is often rendered...

AI score 7 | Exploits 0
Rapid7 Blog | added 2021/02/12 2:36 p.m. | 47 views

New InsightVM Dashboard Helps You Discover Significant Changes in Your Environment from the Past 30 Days

Organizations are in a constant struggle to identify and reduce risks in their constantly changing environments. These changes may manifest by several means and can be recurring events. For example: 1. Laptops and other devices are commissioned or decommissioned due to changes in the workforce. 2...

AI score 0.5 | Exploits 0
Rapid7 Blog | added 2021/02/11 9:18 p.m. | 108 views

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function." This vulnerability (CVE-2021-22652) has a CVSSv3 score of 9.8, which is usually CRITICAL, since it effectively allows anyone who can connect to the iView server to run...

CVSS 7.5 | AI score 0.1 | EPSS 0.36845 | Exploits 4
Rapid7 Blog | added 2021/02/10 3:23 p.m. | 19 views

SOAR Tools: What to Look for When Investing in Security Automation Tech

Security orchestration and automation (SOAR) refers to a collection of software solutions and tools that organizations can leverage to streamline security operations in three key areas: threat and vulnerability management, incident response, and security-operations automation. From a single platfor...

Exploits 0
Rapid7 Blog | added 2021/02/09 11:51 p.m. | 331 views

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family: Family | Vulnerability Count...

CVSS 9.3 | AI score 0.3 | EPSS 0.99512 | Exploits 116
Rapid7 Blog | added 2021/02/05 7:30 p.m. | 123 views

Metasploit Wrap-Up

Baron Samedit is coming to get you. Last week, a critical bug in sudo came out and could potentially affect most of the Linux-based operating systems, since this tool is usually installed by default. This vulnerability is identified as CVE-2021-3156, but better known as "Baron Samedit", and is...

CVSS 7.2 | AI score 8.7 | EPSS 0.99295 | Exploits 81
Rapid7 Blog | added 2021/02/04 9:04 p.m. | 96 views

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

While Punxsutawney Phil may have said we only have six more weeks of winter, the need to patch software and hardware weaknesses will, unfortunately, never end. Cisco has released security updates to address vulnerabilities in most of their product portfolio, some of which may be exploited to gain...

CVSS 7.2 | AI score 1.4 | EPSS 0.99295 | Exploits 81
Rapid7 Blog | added 2021/02/03 11:33 p.m. | 61 views

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

Not content with the beating it laid down in January, 2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software. We dig into the details below. Urgent mitigations required for SonicWall SMA 100 Series...

CVSS 10 | AI score 9.3 | EPSS 0.36426 | Exploits 2
Rapid7 Blog | added 2021/02/03 3:23 p.m. | 66 views

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose version 6.6.63 includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method...

AI score 2.9 | Exploits 0
Rapid7 Blog | added 2021/02/01 3:42 p.m. | 47 views

Addressing the OT-IT Risk and Asset Inventory Gap

Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years, with recent examples including the SolarWinds attack, which was attributed to nation-state actors with alleged Russian ties. There are suspicions that sensitive information has be...

AI score 0.7 | Exploits 0
Rapid7 Blog | added 2021/02/01 2:00 p.m. | 47 views

Rapid7 Acquires Leading Kubernetes Security Provider, Alcide

Organizations around the globe continue to embrace the flexibility, speed, and agility of the cloud. Those that have adopted it are able to accelerate innovation and deliver real value to their customers faster than ever before. However, while the cloud can bring a tremendous amount of benefits t...

AI score 0.8 | Exploits 0
Rapid7 Blog | added 2021/01/29 9:09 p.m. | 936 views

Metasploit Wrap-Up

MobileIron MDM Hessian-Based Java Deserialization RCE: Our very own wvu-r7 has added exploits/linux/http/mobileiron_mdm_hessian_rce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian-based endpoint. CVE-2020-15505...

CVSS 10 | AI score 1.1 | EPSS 0.99737 | Exploits 39
Rapid7 Blog | added 2021/01/29 2:20 p.m. | 525 views

NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

CVSS 10 | AI score 8 | EPSS 0.89047 | Exploits 24
Rapid7 Blog | added 2021/01/27 2:38 p.m. | 32 views

Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?

Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your web application testing strategy t...

Exploits 0
Rapid7 Blog | added 2021/01/26 3:01 p.m. | 88 views

State-Sponsored Threat Actors Target Security Researchers

This blog was co-authored by Caitlin Condon, VRM Security Research Manager, and Bob Rudis, Senior Director and Chief Security Data Scientist. On Monday, Jan. 25, 2021, Google’s Threat Analysis Group (TAG) published a blog on a widespread social engineering campaign that targeted security researcher...

CVSS 7.2 | AI score 0.2 | EPSS 0.39653 | Exploits 0
Rapid7 Blog | added 2021/01/25 3:06 p.m. | 48 views

Finding Results at the Intersection of Security and Engineering

As vice president and head of global security at ActiveCampaign, I’m fortunate to be able to draw on a multitude of experiences and successes in my career. I started in general network security, where I was involved in pen testing and security research. I worked at several multibillion-dollar Saa...

AI score 7.3 | Exploits 0
Rapid7 Blog | added 2021/01/22 7:21 p.m. | 328 views

Metasploit Wrap-Up

Metasploit Wrapup: Windows print spooler vulnerability... again. Here we have bwatters-r7 coming in with an exploit for CVE-2020-1337, a patch bypass for a Windows print spooler elevation of privilege vulnerability that was exploited in the wild last year. The original vulnerability, CVE-2020-1048,...

CVSS 10 | AI score 9.5 | EPSS 0.90049 | Exploits 19
Rapid7 Blog | added 2021/01/22 6:14 p.m. | 55 views

NICER Protocol Deep Dive: Internet Exposure of NTP

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

AI score 8 | Exploits 0
Rapid7 Blog | added 2021/01/21 1:30 p.m. | 43 views

Principles for personal information security legislation

It goes without saying that the 117th US Congress has a lot to get done and many legitimate priorities are competing for finite legislative attention. Cybersecurity will be in this mix. In the wake of the SolarWinds attack, President-elect Biden issued a statement emphasizing that his...

AI score 0.5 | Exploits 0
Total number of security vulnerabilities: 1723