1723 matches found

Rapid7 Blog
added 2024/10/03 5:0 p.m., 6 views

Ransomware Groups Demystified: CyberVolk Ransomware

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...

AI score: 7.5
Exploits: 0

Rapid7 Blog
added 2024/10/03 5:0 p.m., 3 views

Ransomware Groups Demystified: CyberVolk Ransomware

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2024/10/03 1:0 p.m., 25 views

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management VM programs, while necessary, are no longer sufficient on their own. The...

AI score: 7.6
Exploits: 0

Rapid7 Blog
added 2024/10/01 1:0 p.m., 38 views

What’s New in Rapid7 Products & Services: Q3 2024 in Review

This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform. With this, we introduced two exciting new products:...

CVSS: 9.8, AI score: 9.8, EPSS: 0.99983
Exploits: 2

Rapid7 Blog
added 2024/09/30 1:15 p.m., 11 views

Proactive Visibility Is Foundational to Strong Cybersecurity

Authored by Guest IDC Blogger: Michelle Abraham Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2024/09/27 7:21 p.m., 63 views

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...

CVSS: 10, AI score: 9.8, EPSS: 0.94661
Exploits: 40

Rapid7 Blog
added 2024/09/26 10:48 p.m., 42 views

Multiple Vulnerabilities in Common Unix Printing System (CUPS)

On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS Common Unix Printing System. CUPS is a popular IPP-based open-source printing system primarily but not only for Linux and UNIX-like operating...

CVSS: 9, AI score: 8.6, EPSS: 0.8344
Exploits: 17

Rapid7 Blog
added 2024/09/25 1:0 p.m., 11 views

Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 and Azure DevOps

As organizations continue to embrace cloud-native development practices, the need for integrated security solutions that seamlessly fit into existing DevOps environments has become more pressing than ever. We recognize this critical need and have added new integration for InsightCloudSec ICS and...

AI score: 7.8
Exploits: 0

Rapid7 Blog
added 2024/09/24 2:58 p.m., 17 views

Rapid7 Recognized in Forrester’s 2024 Attack Surface Management (ASM) Wave Report

This week, Rapid7 was recognized as a Contender in Forrester’s report, The Forrester WaveTM: Attack Surface Management ASM Solutions Q3 2024. We’re proud to have been selected for inclusion in the report, which to us reflects a continued dedication to enabling customers to: Monitor 100% of their...

AI score: 7.5
Exploits: 0

Rapid7 Blog
added 2024/09/24 1:0 p.m., 10 views

Three Recommendations for Creating a Risk-Based Detection and Response Program

It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2024/09/24 1:0 p.m., 4 views

Three Recommendations for Creating a Risk-Based Detection and Response Program

It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...

AI score: 5.7
Exploits: 0

Rapid7 Blog
added 2024/09/23 1:0 p.m., 13 views

Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem

As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security...

AI score: 7.1
Exploits: 0

Rapid7 Blog
added 2024/09/20 6:31 p.m., 43 views

Metasploit Weekly Wrap-Up 09/20/2024

New module content 3 update-motd.d Persistence Author: Julien Voisin Type: Exploit Pull request: 19454 contributed by jvoisin Path: linux/local/motdpersistence Description: This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root privileges...

CVSS: 9.8, AI score: 9, EPSS: 0.83178
Exploits: 24

Rapid7 Blog
added 2024/09/19 8:45 p.m., 27 views

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies that are attractive potential attack targets for both state-sponsored and financially motivated adversaries. We are advising customers to prioritize remediation for these issues on an expedited...

CVSS: 9.8, AI score: 10, EPSS: 0.54143
Exploits: 2

Rapid7 Blog
added 2024/09/19 1:0 p.m., 13 views

Help, I can’t see! A Primer for Attack Surface Management Blog Series

Part 1: Overview of the Problem ASM Solves and a High-Level Description of ASM and Its Components Welcome to the first installment of our multipart series,"Help! I Can’t See! A Primer for Attack Surface Management Blog Series." In this series, we will explore the critical challenges and solutions...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2024/09/17 1:0 p.m., 16 views

Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming

Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Following the launch of Surface Command and Exposure Command in August, Vector...

AI score: 7.7
Exploits: 0

Rapid7 Blog
added 2024/09/13 6:29 p.m., 34 views

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...

CVSS: 9.8, AI score: 10, EPSS: 0.94618
Exploits: 7

Rapid7 Blog
added 2024/09/13 1:15 p.m., 11 views

The Growing Importance of Exposure Management: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024

The Gartner® Hype Cycle™ for Security Operations, 2024 was published in late July, and is an interesting look at the dynamic nature of both the threat landscape and the diverse range of technologies that security & risk management SRM professionals use to safeguard their organizations...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2024/09/12 3:30 p.m., 49 views

Ransomware Groups Demystified: Lynx Ransomware

As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them. In the Ransomware Radar Report, Rapid7 Labs shared the observation that in the first half of 2024, 21 new or...

AI score: 7.7
Exploits: 0

Rapid7 Blog
added 2024/09/10 8:49 p.m., 76 views

Patch Tuesday - September 2024

Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...

CVSS: 9.9, AI score: 9.1, EPSS: 0.8399
Exploits: 3

Rapid7 Blog
added 2024/09/10 8:49 p.m., 4 views

Patch Tuesday - September 2024

Microsoft is addressing 79 vulnerabilities this September 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today; at time of writing, all four are listed on CISA KEV. Microsoft is also patching four critical...

CVSS: 9.9, AI score: 9.6, EPSS: 0.8399
Exploits: 3

Rapid7 Blog
added 2024/09/10 1:1 p.m., 24 views

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment doc US52038824, September 2024 and the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment doc US51541324, September 2024. We want to thank our...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2024/09/09 6:38 p.m., 45 views

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

On August 22, 2024, security firm SonicWall published an advisory on CVE-2024-40766, a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. While CVE-2024-40766 was not known to be exploited in the wild a...

CVSS: 9.8, AI score: 9.7, EPSS: 0.15694
Exploits: 0

Rapid7 Blog
added 2024/09/09 2:33 p.m., 42 views

Multiple Vulnerabilities in Veeam Backup & Replication

On Wednesday, September 4, 2024, backup and recovery software provider Veeam released their September security bulletin disclosing various vulnerabilities in Veeam products. One of the higher-severity vulnerabilities included in the bulletin is CVE-2024-40711, a critical unauthenticated remote co...

CVSS: 9.8, AI score: 10, EPSS: 0.88193
Exploits: 7

Rapid7 Blog
added 2024/09/09 1:0 p.m., 14 views

Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks

As ransomware threats continue to evolve, security and risk management leaders must stay ahead by adopting comprehensive strategies to protect their organizations. The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad acto...

AI score: 7.1
Exploits: 0

Rapid7 Blog
added 2024/09/06 5:56 p.m., 6 views

Metasploit Weekly Wrap-Up 09/06/2024

Honey, I shrunk the PHP payloads This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size,...

AI score: 7.4
Exploits: 0

Rapid7 Blog
added 2024/09/05 2:54 p.m., 59 views

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...

CVSS: 9.8, AI score: 9.8, EPSS: 0.99983
Exploits: 15

Rapid7 Blog
added 2024/09/05 2:54 p.m., 8 views

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...

CVSS: 9.8, AI score: 10, EPSS: 0.99983
Exploits: 15

Rapid7 Blog
added 2024/08/30 6:43 p.m., 54 views

Metasploit Weekly Wrap-Up 08/30/2024

A New Way to Encode PHP Payloads A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters. Ray Vulnerabilities This release of...

CVSS: 10, AI score: 9.3, EPSS: 0.99987
Exploits: 61

Rapid7 Blog
added 2024/08/28 1:0 p.m., 7 views

Command with Confidence: Insights from Andrew Bustamante

At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat. His session, "Command with...

AI score: 7.4
Exploits: 0

Rapid7 Blog
added 2024/08/27 1:0 p.m., 10 views

Assessing Container Images Across Private Registries with InsightCloudSec

In the rapidly evolving landscape of software development and deployment, containerization has emerged as a game-changing technology and a de-facto foundation for the majority of modern applications. Containers allow developers to package applications and their dependencies into a single, portabl...

AI score: 7.1
Exploits: 0

Rapid7 Blog
added 2024/08/23 3:8 p.m., 20 views

Metasploit Weekly Wrap-Up 08/23/2024

New module content 3 Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276 Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 19373 contributed by h4x-x0r Path: admin/http/fortrafilecatalystworkflowsqli AttackerKB reference: CVE-2024-5276 Description: This adds an auxiliary modu...

CVSS: 9.8, AI score: 9, EPSS: 0.90067
Exploits: 10

Rapid7 Blog
added 2024/08/23 1:0 p.m., 7 views

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals. Here are three key takeaways from the...

AI score: 6.9
Exploits: 0

Rapid7 Blog
added 2024/08/22 4:15 p.m., 10 views

Preparing for Unknown Risks: How to Better Prepare for Risks You Can't See Yet

As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors...

AI score: 7.4
Exploits: 0

Rapid7 Blog
added 2024/08/20 1:0 p.m., 9 views

Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum

The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2024/08/19 3:25 p.m., 11 views

5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)

As the cloud landscape continues to evolve, organizations face the growing challenge of securing their cloud-native applications. We feel the 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms CNAPP provides invaluable insights into the latest trends and technologies that...

AI score: 7.6
Exploits: 0

Rapid7 Blog
added 2024/08/16 6:33 p.m., 45 views

Metasploit Weekly Wrap-Up 08/16/2024

New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...

CVSS: 9.8, AI score: 9, EPSS: 0.9921
Exploits: 20

Rapid7 Blog
added 2024/08/16 1:0 p.m., 12 views

Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture

Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations. Here are three ke...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2024/08/15 1:30 p.m., 8 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2024/08/14 1:47 p.m., 9 views

Black Hat USA 2024: Key Takeaways and Industry Trends

What a week! As Hacker Summer camp shifts into the rearview, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting while out in Las Vegas. As is always the case at Black Hat 2024, the cybersecurity community was buzzing with the latest...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2024/08/13 11:36 p.m., 10 views

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

CVSS: 9.8, AI score: 9.5, EPSS: 0.70564
Exploits: 32

Rapid7 Blog
added 2024/08/13 11:36 p.m., 100 views

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

CVSS: 9.8, AI score: 9.9, EPSS: 0.70564
Exploits: 32

Rapid7 Blog
added 2024/08/12 1:0 p.m., 78 views

Ongoing Social Engineering Campaign Refreshes Payloads

Executive Summary On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures TTPs that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed a meaningful shift in the tools used by th...

CVSS: 8.8, AI score: 10, EPSS: 0.83277
Exploits: 8

Rapid7 Blog
added 2024/08/09 6:21 p.m., 29 views

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4's features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W30...

CVSS: 9.8, AI score: 7.8, EPSS: 0.83393
Exploits: 8

Rapid7 Blog
added 2024/08/09 1:0 p.m., 11 views

Key Takeaways From The Take Command Summit: Unlocking Security Success

As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware...

AI score: 7.5
Exploits: 0

Rapid7 Blog
added 2024/08/08 1:0 p.m., 14 views

Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises

Understanding the challenge of Shadow AI Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products. However, anyone who’s eve...

AI score: 6.2
Exploits: 0

Rapid7 Blog
added 2024/08/07 2:37 p.m., 8 views

Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access

This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover h...

AI score: 7.8
Exploits: 0

Rapid7 Blog
added 2024/08/06 5:0 p.m., 11 views

Details Matter: Pentesting a single device to guarantee security

Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network. The device was being piloted for future deployment and the customer h...

AI score: 8.2
Exploits: 0

Rapid7 Blog
added 2024/08/06 1:0 p.m., 8 views

Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.

Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable. But there is one more facet to this threat that mak...

AI score: 7.2
Exploits: 0

Rapid7 Blog
added 2024/08/05 2:0 p.m., 8 views

Introducing the Rapid7 Command Platform

Integrated Security Operations for the Next-Generation Attack Surface As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of...

AI score: 7.5
Exploits: 0

Total number of security vulnerabilities: 1723