2 min
Artificial Intelligence
NEW RESEARCH: Artificial intelligence and Machine Learning Can Be Used to Stop DAST Attacks Before they Start
Artificial intelligence (AI) and machine learning (ML) can be used to thwart unwanted brute-force DAST attacks before they even begin.
3 min
Emergent Threat Response
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
6 min
Ransomware
GhostLocker - A “Work In Progress” RaaS
GhostSec, has introduced a novel Ransom-as-a-Service encryptor known as GhostLocker.
3 min
Azure
Setup of Discovery Connection Azure
Are you having trouble trying to get your Azure assets into your InsightVM security console? This blog will help you get started with assessing your Azure virtual machines in InsightVM.
6 min
Emergent Threat Response
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Daniel Lydon and Conor Quinn contributed attacker behavior insights to this
blog.
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing
exploitation of Atlassian Confluence in multiple customer environments,
including for ransomware deployment. We have confirmed that at least some of the
exploits are targeting CVE-2023-22518
2 min
Metasploit
Metasploit Weekly Wrap-Up: Nov. 3, 2023
PTT for DCSync
This week, community member smashery made an
improvement to the windows_secrets_dump module to enable it to dump domain
hashes using the DCSync method after having authenticated with a Kerberos
ticket. Now, if a user has a valid Kerberos ticket for a privileged account,
they can run the windows_secrets_dump module with the DOMAIN action and obtain
the desired information. No password required. This is particularly useful in
workflows involving the exp
4 min
Emergent Threat Response
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.
3 min
IoT
Is That Smart Home Technology Secure? Here’s How You Can Find Out.
I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 27, 2023
New module content (4)
Atlassian Confluence Data Center and Server Authentication Bypass via Broken
Access Control
Authors: Emir Polat and Unknown
Type: Auxiliary
Pull request: #18447
contributed by emirpolatt
Path: admin/http/atlassian_confluence_auth_bypass
AttackerKB reference: CVE-2023-22515
Description: This adds an exploit for
2 min
Emergent Threat Response
CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability
On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of these is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of a buffer.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 19, 2023
That Privilege Escalation Escalated Quickly
This release features a module leveraging CVE-2023-22515
, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a
privilege escalation, but quickly recategorized as a “broken access control”
with a CVSS score of 10. The exploit itself is very simple and easy to use so
there was little surprise when
7 min
Emergent Threat Response
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.
4 min
Cloud Security
Cloud Webinar Series Part 1: Commanding Cloud Strategies
Our new cloud security webinar series will unveil key trends, pinpoint critical challenges, and provide actionable insights for security professionals.
8 min
Vulnerability Disclosure
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 13, 2023
Pollution in Kibana
This week, contributor h00die added a module that
leverages a prototype pollution bug in Kibana prior to version 7.6.3.
Particularly, this issue is within the Upgrade Assistant and enables an attacker
to execute arbitrary code. This vulnerability can be triggered by sending a
queries that sets a new constructor.prototype.sourceURL directly to Elastic or
by using Kibana to submit the same queries. Note that Kibana needs to be
restarted or wait for c