1723 matches found
Patch Tuesday - December 2024
Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published...
Patch Tuesday - December 2024
Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published...
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover...
Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command
The cloud has become the backbone of modern innovation, powering everything from AI to remote work. But as organizations embrace the cloud, they also face an ever-expanding and increasingly complex attack surface. With purpose-built harvesting technology providing real-time visibility into...
Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command
The cloud has become the backbone of modern innovation, powering everything from AI to remote work. But as organizations embrace the cloud, they also face an ever-expanding and increasingly complex attack surface. With purpose-built harvesting technology providing real-time visibility into...
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...
Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR
Co-athored by Mikayla Wyman and Ryan Blanchard As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to...
Why Cybercriminals Are Not Necessarily Embracing AI
As published in HackerNoon and featured as a “Top 20 Best Read Article” for AI. Introduction The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing...
Metasploit Weekly Wrap-Up 11/29/2024
New module content 4 Acronis Cyber Protect/Backup machine info disclosure Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y [email protected] Type: Auxiliary Pull request: 19582 contributed by h00die-gr3y Path: gather/acroniscyberprotectmachineinfodisclosure AttackerKB reference:...
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
CleverSoar Installer Used to Deploy Nidhogg Rootkit and Winos4.0 Framework Against Targeted Users In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims. CleverSoar is designed to deploy and protect multip...
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction Remote access tools RATs have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ AWS new Resource Control Policies RCPs, a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner f...
Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards
On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse,...
Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub
As organizations continue to scale their digital infrastructure, the volume of vulnerabilities and exposures grows at an overwhelming pace. Security teams often find themselves inundated with alerts and risk signals, unable to remediate every issue within their environment. They often struggle to...
Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products
In today’s complex threat landscape, organizations need every advantage at their disposal to stay secure–starting with maximizing the tools they already have within their ecosystem. With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for...
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...
New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations
Co-authored by Ed Montgomery & René Fusco, Rapid7 In today’s cybersecurity landscape, organizations need robust detection and response solutions to stay ahead of evolving threats. Rapid7’s InsightIDR, the foundation of our Managed Detection and Response MDR service, empowers security teams with...
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
On Friday, November 8, 2024, cybersecurity firm Palo Alto Networks PAN published a bulletin PAN-SA-2024-0015 advising firewall customers to take steps to secure their firewall management interfaces amid unverified rumors of a possible new vulnerability. Rapid7 threat intelligence teams have also...
Patch Tuesday - November 2024
Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...
Patch Tuesday - November 2024
Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...
LodaRAT: Established Malware, New Victim Patterns
Executive Summary Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool RAT written in AutoIt. Development of...
Metasploit Wrap-Up: 11/08/2024
RISC-V Support This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. These payloads allow for the execution of commands on compromised hardware, allowing Metasploit Framework and Metasploit Payloads to be used in more...
Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management
“Only 17% of organizations can clearly identify and inventory a majority 95% or more of their assets.” - Gartner Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management TVM, you have asked your IT departme...
Cathal O’Neill - Taking Command of Your Career in Tech
Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director. Reflecting on his career path, he says,“My journey into senior management has been a continual evolution, driven by both personal development and the desire to lead...
20/20 Cybersecurity: Lessons Learned in 2024 and Strategies for a Stronger 2025
With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year ahead. Of course, we are doing the same for our...
Metasploit Weekly Wrap-Up 11/01/2024
Pool Party Windows Process Injection This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration and DLL Injection. The research of a new injection technique known as PoolParty highlighted new ways to gain code...
Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...
Investigating a SharePoint Compromise: IR Tales from the Field
Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...
Investigating a SharePoint Compromise: IR Tales from the Field
Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...
The Importance of Asset Context in Attack Surface Management.
This is the last of the four blogs Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management ASM Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery covering the foundational elements of Attack...
Metasploit Weekly Wrap-Up 10/25/2024
Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...
Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command
Over the 15 years I spent as a practitioner and consultant prior to joining Rapid7, a metric that I found to be ever elusive was a true custom prioritization score. You could get close- with enough time, energy, spreadsheets, and logs. But even then it wasn’t without fault. There were still...
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function CWE-306 in the FortiManager...
Metasploit Weekly Wrap-Up 10/18/2024
ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique hence the the ESC in ESC15 was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance...
7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...
Understanding your Attack Surface: Different Approaches to Asset Discovery
Over the past two blogs Help, I can’t see! A Primer for Attack Surface Management Blog Series and The Main Components of an Attack Surface Management ASM Strategy in our series on Attack Surface Management, we’ve focused on the drivers and core elements of an Attack Surface Management solution. I...
Root Access for Data Control: A DEF CON IoT Village Story
Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...
Test Driving a New Benefit Programme in Belfast
When most people think about benefits packages at work, what typically comes to mind are things like healthcare programmes, financial stipends, or wellbeing incentives. For Stephen, one benefit he uses on a daily basis comes on four wheels. Rapid7’s electric vehicle scheme was rolled out in late...
Patch Tuesday - October 2024
Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...
Patch Tuesday - October 2024
Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...
Metasploit Weekly Wrap-Up 10/04/2024
New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...
The Main Components of an Attack Surface Management (ASM) Strategy
In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand. We can bre...