You Can Now Buy (And Renew) Five More Rapid7 Products Through AWS Marketplace
Purchasing software through AWS Marketplace has to be one of the most under-appreciated perks of being an Amazon Web Services (AWS) customer. For starters, products you purchase through Marketplace automatically show up on your next AWS bill, which can really simplify your procurement process. In...
InsightIDR: 2020 Highlights and What’s Ahead in 2021
As we kick off 2021 here at Rapid7, we wanted to take a minute to reflect on 2020, highlight some key InsightIDR product investments we don’t want you to miss, and take a look ahead at where our team sees detection and response going this year. Rapid7 detection and response 2020 highlights: Whenev...
Metasploit Wrap-Up
Commemorating the 2020 December Metasploit community CTF: A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF and achieved 100 or more points. If you missed out on participating in this most rece...
NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 (2021-Jan) with 83 vulnerabilities across our standard spread of products. Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from les...
Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations
This update is a continuation of our previous coverage of the SolarWinds supply-chain attack that was discovered by FireEye in December 2020. As of Jan. 11, 2021, new research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack...
Metasploit Wrap-Up
Struts2 Multi Eval OGNL RCE: Our very own zeroSteiner added exploit/multi/http/struts2_multi_eval_ognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times (CVE-2019-0230 and CVE-2020-17530). The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...
What’s New in InsightAppSec and tCell: Q4 2020 in Review
It’s crazy to believe 2020 has come to an end, and we’re sure we’re not alone in our excitement for 2021! Without a doubt, 2020 has presented some challenges for us all in the security world, as many companies quickly adopted a work-from-home model and pivoted from an in-store experience quickly ...
How COVID-19 Reinforced the Need for Mobile Device Management
How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable for remote work? How many of you had no idea how to make that happen, seemingly and sometimes literally overnight? How many of you were already prepared for such an event? Remote workforce...
What’s New in InsightVM: Q4 2020 in Review
Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the n...
NICER Protocol Deep Dive: Internet Exposure of DNS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity
When it comes to offloading security controls to the cloud, it may seem counterintuitive to the notion of “securing” things. But, when we consider the efficiency to be gained by shifting right with some security controls, it makes sense to send more granular, ground-up responsibilities to a trust...
HaXmas Hardware Hacking
Usually, when you read an IoT hacking report or blog post, it ends with something along the lines of, "and that's how I got root," or "and there was a secret backdoor credential," or "and every device in the field uses the same S3 bucket with no authentication." You know, something bad, and the...
Predicting the Unpredictable: What Will the Cybersecurity Space Look Like in 2021?
Not to start off another blog post about how insane this year has been, but let’s just take a moment to appreciate HOW INSANE THIS YEAR HAS BEEN. As I sat down to write this blog post, I took a look at last year’s predictions post and was amused to see how little we knew about what was coming. An...
Metasploit 2020 Wrap-Up
2020 was certainly an interesting year. There were quite a few newsworthy events and some fantastic exploit content released. Let’s take a look at what 2020 meant for Metasploit. Quick stats: Some quick statistics for Metasploit’s year. 737 pull requests merged and counting. A net gain of +179...
Taking Inspiration from Our Security Nation in an Otherwise Uninspiring Year
Well, what a year it has been. I won’t waste your time by recapping the many, many difficulties that 2020 has offered us, and instead, I will try to take a slightly different tack. While it has been a challenging (for some, truly hellacious) year, as we close it out, I’ve been trying out a little...
Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe. Needless to say, some source networks have been very naughty (dare we use the word “again,” since these all seem to be repeat offenders). To...
Top Security Recommendations for 2021
Happy HaXmas! We hope everyone is having a wonderful holiday season so far. This year has been wild and unpredictable, and has brought unique risks and threats to the forefront of business activities. So, to help everyone stay safer in 2021, the Strategic Advisory Services team here at Rapid7 is...
Metasploit Tips and Tricks for HaXmas 2020
For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...
UPnP With a Holiday Cheer
T'was the night before HaXmas, when all through the house, Not a creature was stirring, not even a mouse. The stockings were hung by the chimney with care, in hopes that St. Nicholas soon would be there. This may be the way you start your holiday cheer, but before you get started, let me make you...
Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution
Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals. Through Goals and SLAs, security teams ensure that they’re making progress toward their goals and service-level agreements (SLAs) at an appropriate pace, and th...
Metasploit Wrap-Up
It's the week of December 17th and that can only mean one thing: a week until Christmas! For those of you who don't celebrate Christmas, a very happy Hanukkah/Chanukah, Kwanzaa, Diwali, Chinese New Year, Winter Solstice and Las Posadas to you all! This is our last weekly wrap-up this year, but as...
What’s New in InsightIDR: Q4 2020 in Review
Throughout the year, we’ve provided roundups of what’s new in InsightIDR, our cloud-based SIEM tool (see the H1 recap post, and our most recent Q3 2020 recap post). As we near the end of 2020, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR from Q4 2020...
Help Others Be "Cyber Aware" This Festive Season—And All Year Round!
Are you tired of being the cybersecurity help desk for everyone you know? Are you frustrated with spending all your time securing your corporate environment, only to have to deal with the threat that snuck in through naive end-users? Are you new to security and wondering how you ended up here? Th...
How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM
Since the launch of InsightVM’s Custom Policy Builder in June of this year, hundreds of organizations have created and customized secure configuration policies. While the standard CIS and DISA benchmarks are, by default, great for an organization to kickstart their policy and compliance program,...
Happy HaXmas from the Rapid7 Team!
Happy HaXmas, everyone! This has been quite the year, but we’re thrilled that we’re able to keep up our favorite holiday tradition of our annual HaXmas blog series, which features holiday stories, hacking wins from the year, tips and tricks, and general festivity to keep you entertained during th...
The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices
Back in July, Rapid7 released its first-ever National / Industry / Cloud Exposure Report, otherwise known as “NICER.” This report had a big job: to assess not only the prevalence of known threats, but also to provide a geographic census of those threats. It tells the all-too-true story of...
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform, which is used by organizations to monitor and manage IT infrastructure. FireEye has given the campaign an identifier of UNC2452 and is further...
Metasploit Wrap-Up
In case you missed it, this past weekend the Metasploit team hosted the latest Metasploit CTF. We saw 1903 users register in this round and some excellent writeups have been published on what they found. If you participated but haven’t had a chance to fill out our feedback survey you can find it...
InsightVM Now Integrates With Snyk for Deep Visibility Into Container Vulnerabilities
We know many development teams these days are taking advantage of containerized software applications that may contain all of the necessary code, runtime, system tools, and libraries needed to run an application. Containers are easy to spin up and down, experiment with, and get things done quickl...
NICER Protocol Deep Dive: Internet Exposure of etcd
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility
When speaking with customers, we continue to hear that they are looking for more visibility into their vulnerability risk management activities. This could include complete visibility into the various assets within their dynamic environments, or a deeper understanding of attacks that are occurrin...
Patch Tuesday - December 2020
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months (high thirties), it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported...
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Penetration testing (“pentesting”) is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7’s recently released report, Under the Hoodie, draws from the experiences of our Rapid7 pen testing services teamers to highlight key...
Congrats to the winners of the 2020 December Metasploit community CTF
Thank you to all who participated in the 2020 December Metasploit community CTF! The four-day CTF was well received by the community, with 874 teams and 1903 users registered! We’ve included the high-level stats and the competition winners below. If you played the CTF and want to let the Metasploit...
NICER Protocol Deep Dive: Internet Exposure of memcached
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Metasploit Wrap-Up
The Metasploit team is rolling to the end of the year featuring a week of modules, updates, and our annual CTF. I say rolling in part because here in the US, we’re coming off our week of Thanksgiving, which involves lots of pies, and we’re probably all a bit more spherical than normal! For those ...
How to Create an OS-Based Policy Scanning Workflow in InsightVM
When you first start setting up InsightVM, the No. 1 thing you should be focused on is building sites, running scans, and kicking off reports to start building your vulnerability management program. Once you start feeling comfortable with the vulnerability management flow, policy scanning should ...
Rapid7’s InsightIDR Introduces Integration with Cybereason
Ransomware is the fastest-growing type of cybercrime, and according to Cybersecurity Ventures, global ransomware damage costs will reach $20 billion by 2021—that’s 57 times more than it was just five years ago. With the increase in remote work this year expanding the attack surface, the threat of...
Threat and Vulnerability Management Best Practices
Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability management. After all, your company’s data—as well as your customers’—remains at risk to cybercriminals, which places the onus on you to protect your...
Rapid7 Recognized as a Strong Performer Among Security Analytics Providers by Leading Industry Report
At Rapid7, we recognize that security professionals are facing a more challenging landscape than ever before. The mission of InsightIDR—our natively cloud SIEM—is to remove the drudgery and operational burdens associated with traditional approaches, and drive efficient, effective detection and...
NICER Protocol Deep Dive: Internet Exposure of Redis
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Metasploit Wrap-Up
Exploiting weak configurations: Community contributor Graeme Robinson added two modules targeting insecurely configured APIs, both of which lead to remote code execution. The first module exploits a lack of access control in Apache NiFi, which allows for the creation of an ExecuteProcess processo...
CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
OpenCRX version 4.30 and version 5.0-20200717 suffer from an unverified password change vulnerability, which is an instance of CWE-620. This vulnerability has a CVSSv3 score of 9.1, which is usually CRITICAL, since it effectively allows anyone who can connect to the OpenCRX server to change the...
Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making
The cloud remains a dominant technology innovation well into its second decade of existence. However, after all this time, certain cloud computing myths still creep into the minds of CIOs and other denizens of the corner office. For example, some business decision-makers feel the cloud is simply ...
NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Metasploit Wrap-Up
It’s 11 o’clock. Do you know where your file uploads are? Repeat contributor Erik Wynter and our own wvu-r7 each submitted modules exploiting web applications which allow attackers to upload files to arbitrary locations, including where the web application would interpret them as code! The first...
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing a few things differently. Past CTFs have featured a wide range of challenges across different architectures, difficulty levels, and targets. This year, we wanted to make...
This One Time on a Pen Test: CSRF to Password Reset Phishing
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report...
Congress unanimously passes federal IoT security law
The US Senate unanimously passed the IoT Cybersecurity Improvement Act (H.R.1668) yesterday. The US House passed the bill in September, so it is highly likely to become law, barring a Presidential veto. This is arguably the most significant US IoT-specific cybersecurity law to date, as well as the...