1723 matches found
Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...
Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...
Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management
In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management VM programs, while necessary, are no longer sufficient on their own. The...
What’s New in Rapid7 Products & Services: Q3 2024 in Review
This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform. With this, we introduced two exciting new products:...
Proactive Visibility Is Foundational to Strong Cybersecurity
Authored by Guest IDC Blogger: Michelle Abraham Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital...
Metasploit Weekly Wrap-Up 09/27/2024
Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...
Multiple Vulnerabilities in Common Unix Printing System (CUPS)
On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS Common Unix Printing System. CUPS is a popular IPP-based open-source printing system primarily but not only for Linux and UNIX-like operating...
Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 and Azure DevOps
As organizations continue to embrace cloud-native development practices, the need for integrated security solutions that seamlessly fit into existing DevOps environments has become more pressing than ever. We recognize this critical need and have added new integration for InsightCloudSec ICS and...
Rapid7 Recognized in Forrester’s 2024 Attack Surface Management (ASM) Wave Report
This week, Rapid7 was recognized as a Contender in Forrester’s report, The Forrester WaveTM: Attack Surface Management ASM Solutions Q3 2024. We’re proud to have been selected for inclusion in the report, which to us reflects a continued dedication to enabling customers to: Monitor 100% of their...
Three Recommendations for Creating a Risk-Based Detection and Response Program
It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...
Three Recommendations for Creating a Risk-Based Detection and Response Program
It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...
Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem
As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security...
Metasploit Weekly Wrap-Up 09/20/2024
New module content 3 update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: 19454 contributed by jvoisin Path: linux/local/motdpersistence Description: This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root privileges...
High-Risk Vulnerabilities in Common Enterprise Technologies
Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies that are attractive potential attack targets for both state-sponsored and financially motivated adversaries. We are advising customers to prioritize remediation for these issues on an expedited...
Help, I can’t see! A Primer for Attack Surface Management Blog Series
Part 1: Overview of the Problem ASM Solves and a High-Level Description of ASM and Its Components Welcome to the first installment of our multipart series,"Help! I Can’t See! A Primer for Attack Surface Management Blog Series." In this series, we will explore the critical challenges and solutions...
Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming
Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Following the launch of Surface Command and Exposure Command in August, Vector...
Metasploit Weekly Wrap-Up 09/13/2024
SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...
The Growing Importance of Exposure Management: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024
The Gartner® Hype Cycle™ for Security Operations, 2024 was published in late July, and is an interesting look at the dynamic nature of both the threat landscape and the diverse range of technologies that security & risk management SRM professionals use to safeguard their organizations...
Ransomware Groups Demystified: Lynx Ransomware
As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them. In the Ransomware Radar Report, Rapid7 Labs shared the observation that in the first half of 2024, 21 new or...
Patch Tuesday - September 2024
Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...
Patch Tuesday - September 2024
Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...
Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise
Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment doc US52038824, September 2024 and the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment doc US51541324, September 2024. We want to thank our...
CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices
On August 22, 2024, security firm SonicWall published an advisory on CVE-2024-40766, a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. While CVE-2024-40766 was not known to be exploited in the wild a...
Multiple Vulnerabilities in Veeam Backup & Replication
On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote co...
Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks
As ransomware threats continue to evolve, security and risk management leaders must stay ahead by adopting comprehensive strategies to protect their organizations. The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad acto...
Metasploit Weekly Wrap-Up 09/06/2024
Honey, I shrunk the PHP payloads This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size,...
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
Metasploit Weekly Wrap-Up 08/30/2024
A New Way to Encode PHP Payloads A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters. Ray Vulnerabilities This release of...
Command with Confidence: Insights from Andrew Bustamante
At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat. His session, "Command with...
Assessing Container Images Across Private Registries with InsightCloudSec
In the rapidly evolving landscape of software development and deployment, containerization has emerged as a game-changing technology and a de-facto foundation for the majority of modern applications. Containers allow developers to package applications and their dependencies into a single, portabl...
Metasploit Weekly Wrap-Up 08/23/2024
New module content 3 Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276 Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 19373 contributed by h4x-x0r Path: admin/http/fortrafilecatalystworkflowsqli AttackerKB reference: CVE-2024-5276 Description: This adds an auxiliary modu...
Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules
Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals. Here are three key takeaways from the...
Preparing for Unknown Risks: How to Better Prepare for Risks You Can't See Yet
As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors...
Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the...
5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
As the cloud landscape continues to evolve, organizations face the growing challenge of securing their cloud-native applications. We feel the 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms CNAPP provides invaluable insights into the latest trends and technologies that...
Metasploit Weekly Wrap-Up 08/16/2024
New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...
Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture
Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations. Here are three ke...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
Black Hat USA 2024: Key Takeaways and Industry Trends
What a week! As Hacker Summer camp shifts into the rearview, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting while out in Las Vegas. As is always the case at Black Hat 2024, the cybersecurity community was buzzing with the latest...
Patch Tuesday - August 2024
Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...
Patch Tuesday - August 2024
Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...
Ongoing Social Engineering Campaign Refreshes Payloads
Executive Summary On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures TTPs that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed a meaningful shift in the tools used by th...
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4's features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W30...
Key Takeaways From The Take Command Summit: Unlocking Security Success
As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware...
Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises
Understanding the challenge of Shadow AI Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products. However, anyone who’s eve...
Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover h...
Details Matter: Pentesting a single device to guarantee security
Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network. The device was being piloted for future deployment and the customer h...
Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.
Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable. But there is one more facet to this threat that mak...
Introducing the Rapid7 Command Platform
Integrated Security Operations for the Next-Generation Attack Surface As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of...