1723 matches found

Rapid7 Blog
added 2024/12/10 10:15 p.m., 34 views

Patch Tuesday - December 2024

Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published...

CVSS 9.8 | AI score 9 | EPSS 0.83642
Exploits: 26
Rapid7 Blog
added 2024/12/10 10:15 p.m., 6 views

Patch Tuesday - December 2024

Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row, Microsoft has published...

CVSS 9.8 | AI score 8.2 | EPSS 0.70906
Exploits: 7
Rapid7 Blog
added 2024/12/10 2:4 p.m., 31 views

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...

CVSS 9.8 | AI score 9.5 | EPSS 0.98529
Exploits: 8
Rapid7 Blog
added 2024/12/10 2:4 p.m., 4 views

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...

CVSS 9.8 | AI score 7.8 | EPSS 0.98529
Exploits: 8
Rapid7 Blog
added 2024/12/06 8:29 p.m., 36 views

Metasploit Weekly Wrap-Up 12/06/2024

Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover...

CVSS 9.8 | AI score 9.4 | EPSS 0.94761
Exploits: 64
Rapid7 Blog
added 2024/12/06 2:0 p.m., 7 views

Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command

The cloud has become the backbone of modern innovation, powering everything from AI to remote work. But as organizations embrace the cloud, they also face an ever-expanding and increasingly complex attack surface. With purpose-built harvesting technology providing real-time visibility into...

AI score 7.7
Exploits: 0
Rapid7 Blog
added 2024/12/06 2:0 p.m., 3 views

Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command

The cloud has become the backbone of modern innovation, powering everything from AI to remote work. But as organizations embrace the cloud, they also face an ever-expanding and increasingly complex attack surface. With purpose-built harvesting technology providing real-time visibility into...

AI score 7.4
Exploits: 0
Rapid7 Blog
added 2024/12/04 3:45 p.m., 19 views

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

AI score 8.5
Exploits: 0
Rapid7 Blog
added 2024/12/04 3:45 p.m., 8 views

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

AI score 7.5
Exploits: 0
Rapid7 Blog
added 2024/12/03 8:0 p.m., 41 views

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

CVSS 9.8 | AI score 8.4 | EPSS 0.01111
Exploits: 1
Rapid7 Blog
added 2024/12/03 8:0 p.m., 10 views

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

CVSS 9.8 | AI score 10 | EPSS 0.01111
Exploits: 1
Rapid7 Blog
added 2024/12/03 2:1 p.m., 7 views

Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR

Co-authored by Mikayla Wyman and Ryan Blanchard As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to...

AI score 7.5
Exploits: 0
Rapid7 Blog
added 2024/12/02 2:30 p.m., 10 views

Why Cybercriminals Are Not Necessarily Embracing AI

As published in HackerNoon and featured as a “Top 20 Best Read Article” for AI. Introduction The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing...

AI score 7.4
Exploits: 0
Rapid7 Blog
added 2024/11/29 6:15 p.m., 28 views

Metasploit Weekly Wrap-Up 11/29/2024

New module content 4 Acronis Cyber Protect/Backup machine info disclosure Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y [email protected] Type: Auxiliary Pull request: 19582 contributed by h00die-gr3y Path: gather/acroniscyberprotectmachineinfodisclosure AttackerKB reference:...

AI score 9.7 | EPSS 0.97639
Exploits: 32
Rapid7 Blog
added 2024/11/27 2:28 p.m., 32 views

New “CleverSoar” Installer Targets Chinese and Vietnamese Users

CleverSoar Installer Used to Deploy Nidhogg Rootkit and Winos4.0 Framework Against Targeted Users In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims. CleverSoar is designed to deploy and protect multip...

AI score 7.8
Exploits: 0
Rapid7 Blog
added 2024/11/22 8:28 p.m., 32 views

Metasploit Weekly Wrap-Up 11/22/2024

JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This...

CVSS 10 | AI score 7 | EPSS 0.16513
Exploits: 29
Rapid7 Blog
added 2024/11/21 5:19 p.m., 21 views

A Bag of RATs: VenomRAT vs. AsyncRAT

Introduction Remote access tools RATs have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...

AI score 7.1
Exploits: 0
Rapid7 Blog
added 2024/11/20 4:42 p.m., 29 views

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

CVSS 9.4 | AI score 7 | EPSS 0.00974
Exploits: 0
Rapid7 Blog
added 2024/11/20 4:42 p.m., 4 views

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Wowza Streaming Engine below v4.9.1 is vulnerable to multiple vulnerabilities on Linux and Windows. An unauthenticated attacker can poison the Wowza Streaming Engine Manager web dashboard with a stored cross-site scripting “XSS” payload. When an administrator views the poisoned dashboard,...

CVSS 9.6 | AI score 7.7 | EPSS 0.00974
Exploits: 0
Rapid7 Blog
added 2024/11/20 2:0 p.m., 12 views

Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ AWS new Resource Control Policies RCPs, a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner f...

AI score 7.5
Exploits: 0
Rapid7 Blog
added 2024/11/19 5:50 p.m., 4 views

Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse,...

AI score 6.8
Exploits: 0
Rapid7 Blog
added 2024/11/19 2:0 p.m., 7 views

Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub

As organizations continue to scale their digital infrastructure, the volume of vulnerabilities and exposures grows at an overwhelming pace. Security teams often find themselves inundated with alerts and risk signals, unable to remediate every issue within their environment. They often struggle to...

AI score 7
Exploits: 0
Rapid7 Blog
added 2024/11/18 2:1 p.m., 6 views

Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products

In today’s complex threat landscape, organizations need every advantage at their disposal to stay secure–starting with maximizing the tools they already have within their ecosystem. With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for...

AI score 7.1
Exploits: 0
Rapid7 Blog
added 2024/11/15 8:37 p.m., 33 views

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...

CVSS 9.3 | AI score 8.6 | EPSS 0.91783
Exploits: 14
Rapid7 Blog
added 2024/11/15 2:30 p.m., 14 views

New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations

Co-authored by Ed Montgomery & René Fusco, Rapid7 In today’s cybersecurity landscape, organizations need robust detection and response solutions to stay ahead of evolving threats. Rapid7’s InsightIDR, the foundation of our Managed Detection and Response MDR service, empowers security teams with...

AI score 7.2
Exploits: 0
Rapid7 Blog
added 2024/11/15 12:44 p.m., 41 views

Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces

On Friday, November 8, 2024, cybersecurity firm Palo Alto Networks PAN published a bulletin PAN-SA-2024-0015 advising firewall customers to take steps to secure their firewall management interfaces amid unverified rumors of a possible new vulnerability. Rapid7 threat intelligence teams have also...

CVSS 5.9 | AI score 8.2 | EPSS 0.99698
Exploits: 18
Rapid7 Blog
added 2024/11/12 10:42 p.m., 6 views

Patch Tuesday - November 2024

Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...

CVSS 8.8 | AI score 9.5 | EPSS 0.81817
Exploits: 2
Rapid7 Blog
added 2024/11/12 10:42 p.m., 67 views

Patch Tuesday - November 2024

Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...

CVSS 9.9 | AI score 10 | EPSS 0.81817
Exploits: 4
Rapid7 Blog
added 2024/11/12 2:0 p.m., 14 views

LodaRAT: Established Malware, New Victim Patterns

Executive Summary Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool RAT written in AutoIt. Development of...

AI score 7.5
Exploits: 0
Rapid7 Blog
added 2024/11/08 7:26 p.m., 37 views

Metasploit Wrap-Up: 11/08/2024

RISC-V Support This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. These payloads allow for the execution of commands on compromised hardware, allowing Metasploit Framework and Metasploit Payloads to be used in more...

CVSS 9.8 | AI score 9.1 | EPSS 0.93159
Exploits: 8
Rapid7 Blog
added 2024/11/08 2:30 p.m., 12 views

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

“Only 17% of organizations can clearly identify and inventory a majority 95% or more of their assets.” - Gartner Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management TVM, you have asked your IT departme...

AI score 6.6
Exploits: 0
Rapid7 Blog
added 2024/11/07 2:0 p.m., 6 views

Cathal O’Neill - Taking Command of Your Career in Tech

Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director. Reflecting on his career path, he says, “My journey into senior management has been a continual evolution, driven by both personal development and the desire to lead...

AI score 7.2
Exploits: 0
Rapid7 Blog
added 2024/11/04 2:0 p.m., 5 views

20/20 Cybersecurity: Lessons Learned in 2024 and Strategies for a Stronger 2025

With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year ahead. Of course, we are doing the same for our...

AI score 6.9
Exploits: 0
Rapid7 Blog
added 2024/11/01 6:4 p.m., 25 views

Metasploit Weekly Wrap-Up 11/01/2024

Pool Party Windows Process Injection This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration and DLL Injection. The research of a new injection technique known as PoolParty highlighted new ways to gain code...

CVSS 9.9 | AI score 9.2 | EPSS 0.93971
Exploits: 24
Rapid7 Blog
added 2024/11/01 1:0 p.m., 15 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...

AI score 7.3
Exploits: 0
Rapid7 Blog
added 2024/10/30 8:19 p.m., 42 views

Investigating a SharePoint Compromise: IR Tales from the Field

Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...

CVSS 7.2 | AI score 8.4 | EPSS 0.49979
Exploits: 1
Rapid7 Blog
added 2024/10/30 8:19 p.m., 9 views

Investigating a SharePoint Compromise: IR Tales from the Field

Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...

CVSS 7.2 | AI score 9.5 | EPSS 0.49979
Exploits: 1
Rapid7 Blog
added 2024/10/30 1:0 p.m., 13 views

The Importance of Asset Context in Attack Surface Management.

This is the last of the four blogs Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management ASM Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery covering the foundational elements of Attack...

AI score 7.4
Exploits: 0
Rapid7 Blog
added 2024/10/25 7:34 p.m., 46 views

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...

CVSS 9.8 | AI score 9.6 | EPSS 0.99994
Exploits: 38
Rapid7 Blog
added 2024/10/25 1:0 p.m., 9 views

Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

Over the 15 years I spent as a practitioner and consultant prior to joining Rapid7, a metric that I found to be ever elusive was a true custom prioritization score. You could get close- with enough time, energy, spreadsheets, and logs. But even then it wasn’t without fault. There were still...

AI score 7.4
Exploits: 0
Rapid7 Blog
added 2024/10/23 4:21 p.m., 31 views

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function CWE-306 in the FortiManager...

CVSS 9.8 | AI score 10 | EPSS 0.94761
Exploits: 7
Rapid7 Blog
added 2024/10/18 6:14 p.m., 36 views

Metasploit Weekly Wrap-Up 10/18/2024

ESC15: EKUwu AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique hence the ESC in ESC15 was discovered by Justin Bollinger with details being released just last week. This latest configuration flaw has common issuance...

CVSS 10 | AI score 10 | EPSS 0.73708
Exploits: 21
Rapid7 Blog
added 2024/10/18 1:0 p.m., 7 views

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...

AI score 6.6
Exploits: 0
Rapid7 Blog
added 2024/10/17 1:0 p.m., 13 views

Understanding your Attack Surface: Different Approaches to Asset Discovery

Over the past two blogs Help, I can’t see! A Primer for Attack Surface Management Blog Series and The Main Components of an Attack Surface Management ASM Strategy in our series on Attack Surface Management, we’ve focused on the drivers and core elements of an Attack Surface Management solution. I...

AI score 7
Exploits: 0
Rapid7 Blog
added 2024/10/16 6:14 p.m., 7 views

Root Access for Data Control: A DEF CON IoT Village Story

Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...

AI score 7.1
Exploits: 0
Rapid7 Blog
added 2024/10/16 4:0 p.m., 6 views

Test Driving a New Benefit Programme in Belfast

When most people think about benefits packages at work, what typically comes to mind are things like healthcare programmes, financial stipends, or wellbeing incentives. For Stephen, one benefit he uses on a daily basis comes on four wheels. Rapid7’s electric vehicle scheme was rolled out in late...

AI score 7.2
Exploits: 0
Rapid7 Blog
added 2024/10/08 9:28 p.m., 6 views

Patch Tuesday - October 2024

Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...

CVSS 8.1 | AI score 9.4 | EPSS 0.60954
Exploits: 2
Rapid7 Blog
added 2024/10/08 9:28 p.m., 109 views

Patch Tuesday - October 2024

Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...

CVSS 9.8 | AI score 10 | EPSS 0.60954
Exploits: 7
Rapid7 Blog
added 2024/10/04 7:53 p.m., 37 views

Metasploit Weekly Wrap-Up 10/04/2024

New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...

CVSS 9.8 | AI score 10 | EPSS 0.75384
Exploits: 10
Rapid7 Blog
added 2024/10/04 4:21 p.m., 15 views

The Main Components of an Attack Surface Management (ASM) Strategy

In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand. We can bre...

AI score 6.8
Exploits: 0
Total number of security vulnerabilities: 1723