Behind the Scenes: Under the Hoodie 2020 Video Series
Longtime fans of our Under the Hoodie video series may have noticed that this year’s videos looked, well, a little different. Because we were all working from home amid the COVID-19 pandemic, we realized that it was no longer feasible to sit down in person and interview our pen testing services...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post. This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas wher...
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time just a handful of years ago, vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens...
Metasploit Wrap-Up
SaltStack RCE: wvu-r7 added an exploit module that targets SaltStack’s Salt software. Specifically, the module exploits both an authentication bypass (CVE-2020-25592) and a command injection vulnerability (CVE-2020-16846) in SaltStack’s REST API to get code execution as root through Salt’s SSH client ...
NICER Protocol Deep Dive: Internet Exposure of MySQL
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
What’s New in InsightVM: Q3 2020 in Review
Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the n...
2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM
This is the fourth and final installment of our series around 2021 security planning. Through this series, we talked to a previous CISO about how to tackle annual security planning, looked at driving more efficient threat detections, and also explored the benefits of greater SOC automation. In th...
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel...
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992 and/or CVE-2019-5544, which are remote code execution (RCE) vulnerabilities in VMware ESXi’s service location protocol (SLP) service. VMware had issued a patch...
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...
Visualizing Network Traffic Data to Drive Action
Top 5 multi-group queries for analyzing network sensor data: We launched the Insight Network Sensor earlier this year and have since seen great adoption from both new and existing customers. The main use case behind this success is the need for network visibility. Customers want to know what is...
Advance Your Career: Life as a Rapid7 Belfast Software Engineer
At Rapid7, we believe that by hiring a diverse team with different levels of experience and varying backgrounds, we can ChallengeConvention as OneMoose, push the boundaries of our thinking, and pursue our goals of continuous innovation to achieve secure advancement for all. As we continue to buil...
Metasploit Wrap-Up
Insert 'What Year Is It' meme: h00die contributed the Mikrotik unauthenticated directory traversal file read auxiliary gather module, largely a port of the PoC by Ali Mosajjal. The vulnerability (CVE-2018-14847) allows any file from the router to be read through the Winbox server in RouterOS due to ...
This One Time on a Pen Test: How I Hacked a Self-Driving Car
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. An...
tCell by Rapid7 Now Available for the European Region
Today, we are excited to announce tCell by Rapid7, our next-gen WAF and RASP solution, is now available in the Rapid7 Insight cloud’s European region. Multi-national or European organizations with data sovereignty requirements can now leverage tCell to reduce the risk of a breach via hacking of...
NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
The Story Behind Security Breaches
There are many potential causes of security breaches, including malicious attacks, system glitches, equipment failures, software bugs, and zero days. What is a common root cause here? Human error. According to Micke Ahola, “In a security context, human error means unintentional actions—or lack of...
Overview of Content Security Policies (CSPs) on the Web
A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded. This protocol was developed primarily to mitigate the impact of cross-site scripting (XSS) vulnerabilities. To understand exactl...
Metasploit Wrap-Up
Keep your eyes peeled for another Metasploit CTF: We hosted our third Annualish Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annualish Metasploit CTF by year’s end...
National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online
Held every October, CISA’s National Cybersecurity Awareness Month (NCSAM) aims to educate organizations and individuals about the ever-changing field of cybersecurity and encourage proper security practices. In honor of this event, we rounded up six key tips from our network of experts to help you...
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
What’s up? As if October 2020 hasn’t been scary enough, Rapid7 Labs, the SANS Internet Storm Center (ISC), and other researchers have caught attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to...
How Maria Barsallo Lynch Helps Combat the Spread of Misinformation and Disinformation Ahead of the Election
In our most recent episode of Security Nation, we spoke with Maria Barsallo Lynch, Executive Director of the Defending Digital Democracy Project (D3P) at the Belfer Center for Science and International Affairs at the Harvard Kennedy School, about her work informing election officials of the rise of...
Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year
Spooky season is in full swing, and we’re not just talking about Halloween. Security vulnerabilities can range from tiny errors to large-scale gaps in protection, and all have different consequences. We put together a list of some of the scariest vulnerabilities of the year (the tricks!) and the...
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We know that proving the efficacy of your vulnerability management program is no easy task. But with the Goals and SLAs feature in InsightVM, you can ensure you’re making and tracking progress toward your goals and service-level agreements (SLAs) at an appropriate pace, as well as maintaining...
2021 Detection and Response Planning, Part 3: Why 2021 Is the Year for SOC Automation
In this third installment of our series around 2021 security planning, we’re focused on SOC automation. In part one, we spoke with Rapid7 Detection and Response Practice Advisor, Jeffrey Gardner on tips and advice for ramping up annual security planning. In part two, we discussed how reliable,...
Scan Template Best Practices in InsightVM
When you start out with one of our vulnerability management solutions, Nexpose or InsightVM, one of the first things you should build and set up is a best practices Scan Template. Because best practices are constantly changing, make sure you look at the date this blog was posted and make your...
Metasploit Wrap-Up
Metasploit keeping that developer awareness rate up. Thanks to mrme & wvu, SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the server's config, making that report oh so much more fun. Like to escape the sandbox?...
From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security
In a recent episode of Security Nation, Rapid7 welcomed Jack Cable, a junior at Stanford University and employee of the U.S. Cybersecurity and Infrastructure Security Agency, to discuss the importance of ensuring election security beyond just voting machines. Read on as he shares how to fight...
NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. For...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to just jump straight to the technical details for these vulnerabilities, I invite you to read his paper here. If you want to know more about why this...
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020. What does that mean in practice? Well, any instances running these versions of Windows Server are no longer supported by Microsoft—no more automated fixes, updates, or technical assistance. From a security standpoint,...
NICER Protocol Deep Dive: Internet Exposure of IMAP and POP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Metasploit Wrap-Up
Hacktoberfest 2020 is happening: Metasploit is proud to announce that we're participating in Hacktoberfest 2020. Presented by DigitalOcean, Intel, and DEV, Hacktoberfest is an annual celebration of open-source software during the month of October. The first 70,000 participants to submit 4 pull...
Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives
Let’s talk about false positives. They’re frustrating and faulty, but also about as certain as death and taxes for anyone working in IT security. The good news? We’ve added even more ways to reduce the noise they cause. According to Forrester Consulting’s 2019 study, customers have experienced a...
Introducing Enhanced Endpoint Telemetry (EET) in InsightIDR
Rapid7 detection and response customers have access to, and insights from, our experts and research driving the industry forward. This includes a robust library of out-of-the box detections curated from our global managed SOC team, plus insights from Rapid7’s global threat intelligence network...
Heartland Dental’s Ambitions Land Them in the Cloud
Managing security for the largest Dental Support Organization (DSO) in the United States is no easy task. And sometimes, you need a security services partner to lend a helping hand. We sat down with Heartland Dental to talk about all things security, why they chose Rapid7, how quickly they’re...
There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka "Bad Neighbor")
If you’re in the U.S. and were waiting for an “October surprise”, look no further than CVE-2020-16898, which is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, or what our own Tod Beardsley likes to call “exploiting poor implementations of core IETF RFCs”. The vulnerability...
Patch Tuesday - October 2020
Microsoft brings us October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no browser-based vulnerabilities to mention, and there is the arrival of a new Adobe Flash vulnerability (CVE-2020-9746). Despite this...
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
This is the second installment of our series around 2021 security planning. In part one, Rapid7 Detection and Response Practice Advisor Jeffrey Gardner offered tips and advice for ramping up annual security planning. In this installment, we’ll explore the importance of reliable and comprehensive...
What’s New in InsightIDR: Q3 2020 in Review
In July, we provided a rundown of what was new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020 check out the blog post here for a recap. We’ve released some pretty great features and updates since then, so we thought it was time for another recap! This post offers a closer...
Metasploit Wrap-Up
SAP Internet Graphics Server (IGS): This week includes a new module targeting the SAP Internet Graphics Server application, contributed by community member Vladimir Ivanov. This particular module covers two CVEs that are both XML External Entity (XXE) bugs that are remotely exploitable. The module com...
PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
This week, Rapid7 Managed Detection and Response’s (MDR) intrepid investigators identified an increase in RDP attacks targeting RDP servers without multi-factor authentication enabled. Given that a fair number of folks are still working remotely, it’s no wonder that attackers continue to seek out a...
NICER Protocol Deep Dive: Internet Exposure of VNC
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
How InsightVM Helps You Save Time and Prove Value
For many security teams, vulnerability risk management can feel like an endless climb. The truth is, no IT environment will ever be fully free of cyber-risk. That said, there are simple, attainable steps you can take right away to achieve an acceptable level of risk for your organization with the...
This One Time on a Pen Test: Doing Well With XML
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. Most...
Easily Explore Your Log Data with a Single Query in InsightIDR
We are delighted to announce that Log Search now supports grouping by multiple fields in your log data. By running a single query, you can easily drill down into your log data for in-depth analysis, while still getting an overall view of your data. Read on to find out how to get this rich insight...
Ransomware Payments and Sanctions - U.S. Treasury Advisory
On Oct. 1, the United States Treasury Department Office of Foreign Assets Control (OFAC) issued an advisory concerning ransomware payments and sanctions regulations. The advisory warned that paying ransoms to sanctioned persons and entities risks violating the law. It also notes that OFAC may impos...
Why Every Organization Needs a Vulnerability Management Policy
The importance of information security in the modern business world cannot be overstated. It’s vital for organizations to take a proactive approach to their cybersecurity, including the development of a vulnerability management policy. In this blog post, we will discuss why vulnerability manageme...