5 min
Research
The Risks of Exposing DICOM Data to the Internet
DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.
12 min
Patch Tuesday
Patch Tuesday - October 2023
Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 6, 2023
New module content (3)
LDAP Login Scanner
Author: Dean Welch
Type: Auxiliary
Pull request: #18197
contributed by dwelch-r7
Path: scanner/ldap/ldap_login
Description: This PR adds a new login scanner module for LDAP. Login scanners
are the classes that provide functionality for testing authentication against
various different protocols and mechanisms. This LDAP login scanner supports
multiple types of aut
8 min
Research
Little Crumbs Can Lead To Giants
This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).
4 min
Detection and Response
What’s New in Rapid7 Detection & Response: Q3 2023 in Review
Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.
3 min
Emergent Threat Response
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.
2 min
Managed Detection and Response (MDR)
Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR
Rapid7 has expanded Managed Threat Complete to include native NGAV and DFIR powered by our universal Insight Agent.
4 min
Vulnerability Management
What’s New in InsightVM and Nexpose: Q3 2023 in Review
In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 29, 2023
TeamCity authentication bypass and remote code execution
This week’s Metasploit release includes a new module for a critical
authentication bypass in JetBrains TeamCity CI/CD Server. All versions of
TeamCity prior to version 2023.05.4 are vulnerable to this issue. The
vulnerability was originally discovered by SonarSource, and the Metasploit
module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who
additionally published a technical analysis on AttackerKB for CVE-2023-4279
6 min
Emergent Threat Response
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on
multiple vulnerabilities affecting WS_FTP Server
, a secure file transfer solution. There
are a number of vulnerabilities in the advisory, two of which are critical
(CVE-2023-40044 and CVE-2023-42657). Our research team has identified what
appears to be the .NET deserialization vulnerability (CVE-2023-40044) and
confirmed that it is exploitable with a single HTTPS POST request and a
pre
3 min
DFIR
Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR
Rapid7 is excited to announce the integration of Velociraptor, our leading open-source DFIR framework, into the Insight Platform for InsightIDR Ultimate users — all with no additional deployment or configurations required.
3 min
InsightVM
Introducing Active Risk
Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.
2 min
Emergent Threat Response
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 22, 2023
Improved Ticket Forging
Metasploit’s admin/kerberos/forge_ticket module has been updated to work with
Server 2022. In Windows Server 2022, Microsoft started requiring additional new
PAC elements to be present - the PAC requestor and PAC attributes. The newly
forged tickets will have the necessary elements added automatically based on the
user provided domain SID and user RID. For example:
msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f649
4 min
MITRE ATT&CK
Rapid7 2023 MITRE Engenuity ATT&CK® Evaluations
InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, and now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise.