4 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 1, 2023
Customizable DNS resolution
Contributor smashery added a new dns command to
Metasploit console, which allows the user to customize the behavior of DNS
resolution. Similarly to the route command, it is now possible to specify where
DNS requests should be sent to avoid any information leak. Before these changes,
the Framework was using the default local system configuration. Now, it is
possible to specify which DNS server should be queried based on rules that match
sp
5 min
Emergent Threat Response
CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API
On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability affecting ownCloud, when a vulnerable extension called “Graph API” (graphapi) is present.
2 min
Security Operations (SOC)
Attackers are Working Around The Clock. Luckily, So Are We.
With the average cost of a breach at an all time high of $4.45 million, there’s an undeniable need for teams to enlist the right experts to quickly eradicate threats.
3 min
Artificial Intelligence
Rapid7 Takes Next Step in AI Innovation with New AI-Powered Threat Detections
A decades-long transition to cloud as the de-facto delivery model of choice has delivered undeniable value to the business landscape.
4 min
Cloud Security
Updates to Layered Context Enable Teams to Quickly Understand Which Risk Signals Are Most Pressing
Layered Context introduced a consolidated view of all security risks insightCloudSec collects from the various layers of a cloud environment.
3 min
Building our Team in Prague: Meet Martin Votruba
From developing driver-assistance software for a luxury car brand to jumping on board an NFT startup, Martin Votruba, Lead Software Engineer, is not one to shy away from a challenge.
1 min
Metasploit
Metasploit Wrap-Up: Nov. 23, 2023
Metasploit 6.3.44 released with stability improvements and module fixes
4 min
MSSP
When Maximum Effort Doesn't Equate to Maximum Results
It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, increased budget scrutiny and constrained staff resources.
3 min
Cloud Security
Rapid7 Introduces AI-driven Cloud Anomaly Detection
AWS Re:Invent, Amazon Web Services’ annual mega-conference will soon kick off in Las Vegas and there are sure to be a ton of new cloud security innovations, including Rapid7's new capability - Cloud Anomaly Detection.
1 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Nov. 17, 2023
Possible Web Service Removal
Metasploit has support for running with a local database, or from a remote web
service which can be initialized with msfdb init --component webservice. Future
versions of Metasploit Framework may remove the msfdb remote webservice. Users
that leverage this functionality are invited to react on an issue currently on
GitHub to inform
the maintainers that the feature is used.
New module content (1)
ZoneMind
3 min
Cloud Security
Manage Enterprise Risk at Scale with a Unified, Holistic Approach
The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage.
9 min
Patch Tuesday
Patch Tuesday - November 2023
Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.NET. Overall fewer patches than usual. cURL patch.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 11/10/23
Apache MQ and Three Cisco Modules in a Trenchcoat
This week’s release has a lot of new content and features modules targeting two
major recent vulnerabilities that got a great deal of attention: CVE-2023-46604
targeting Apache MQ
resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS
1 min
Velociraptor
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.
2 min
Cloud Security
Be Empathetic and Hug Your CISO More!
In the rapidly evolving landscape of cloud computing, the adoption of multi-cloud environments has become a prevailing trend. Organizations increasingly turn to multiple cloud providers to harness diverse features, prevent vendor lock-in, and optimize costs.