9 min
Patch Tuesday
Patch Tuesday - February 2024
Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.
11 min
Vulnerability Disclosure
CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.
2 min
Emergent Threat Response
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module
This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows unauthenticated attackers to reach the InitialAccountSetup.xhtml endpoint, which is used during the product's initial setup to create the first administrator user. After setup has completed, this endpoint is supposed to be no longer available. Attackers can use this vulnerability
3 min
Gartner
5 Insights from the Latest Cybersecurity Trends Research
we’ve singled out five quick insights security professionals and stakeholders should consider when looking ahead. These findings are based on Top Trends in Cybersecurity for 2024, a new research report from Gartner®.
1 min
Awards
Celebrating Excellence: Alex Page Recognized As a CRN 2024 Channel Chief
Congratulations to Rapid7’s Vice President of Global Channel Sales, Alex Page, who is named among the newly-announced CRN 2024 Channel Chiefs!
3 min
Digital Risk Protection (DRP)
Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service
Cybercrime has boomed to the third largest economy in the world behind the US and China, with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach.
14 min
Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggests that it was built from leaked LockBit code. In addition, it uses some techniques similar to REvil ransomware.
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week's updates include improvements to Metasploit Framework's SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed concurrently. Currently, there are 15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Mirth Connect Deseria
7 min
Career Development
Rapid7 in Prague: Pete Rubio Shares Insights and Excitement for the New Office
Pete Rubio is the Senior Vice President, Platform & Engineering. Here he discusses the company's newest office in Prague, Czech Republic.
6 min
InsightAppSec
InsightAppSec: Improving Scan Speed and Performance
When scanning a web application in InsightAppSec, you might see it take several hours, if not several days, to run. This can be due to the size of your web app, but plenty of settings in your scan configuration can be modified to help scans complete faster.
5 min
Metasploit
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any suspicious activity. One common way to do so is to add user-land hooks on Win32 API calls, especially those commonly used by malware. Direct syscalls are a way to run system calls directly and enter kernel
3 min
Security Operations (SOC)
Building the Best SOC Takes Strategic Thinking
So your security team is ready to scale up its security operations center, or SOC, to better meet the security needs of your organization. That's great news. But there are some very important strategic questions that need to be answered if you want to build the most effective SOC you can and avoid some of the most common pitfalls teams of any size can encounter.
The Gartner® report SOC Model Guide, is an excellent resource for understanding how to ask the right questions regarding your securit
2 min
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
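Both the Metasploit wrap-up above and this advisory describe the same condition: a path traversal that lets an unauthenticated client reach InitialAccountSetup.xhtml after setup is complete. A practical check for defenders is to normalise request paths in the GoAnywhere access log before matching, since a traversal only works because the raw path looks harmless. The following is an added example, not Rapid7's or Fortra's code: it decodes and normalises the request target and flags any request whose canonical path resolves to the setup endpoint. The log lines are constructed and the traversal shown is a generic `..` segment, not the specific bypass used in the wild.

```python
# Added example (not Rapid7/Fortra code): flag access-log requests whose
# normalised path resolves to InitialAccountSetup.xhtml (CVE-2024-0204).
import posixpath
import re
from urllib.parse import unquote

SETUP_ENDPOINT = "InitialAccountSetup.xhtml"

# Common/Combined log format prefix: client ident user [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize_path(target: str) -> str:
    """Canonicalise a request target the way a servlet router would see it:
    drop the query string, percent-decode (twice, for double encoding),
    strip path parameters (';name=value' segments, which containers ignore
    for routing) and collapse '.'/'..' segments."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)
    return posixpath.normpath(path)


def flag_setup_access(log_lines):
    """Return one dict per request that resolves to the setup endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        norm = normalize_path(m["target"])
        if posixpath.basename(norm) == SETUP_ENDPOINT:
            hits.append({
                "method": m["method"],
                "raw": m["target"],
                "normalized": norm,
                "status": int(m["status"]),
                # a POST is the account-creation step; a GET is reconnaissance
                "severity": "high" if m["method"] == "POST" else "medium",
            })
    return hits


# Constructed sample log lines (not real traffic)
SAMPLE_LOGS = [
    '10.0.0.5 - - [22/Jan/2024:10:00:01 +0000] "GET /goanywhere/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [22/Jan/2024:10:00:02 +0000] "GET /goanywhere/images/..%2fInitialAccountSetup.xhtml HTTP/1.1" 200 4096',
    '10.0.0.5 - - [22/Jan/2024:10:00:05 +0000] "POST /goanywhere/InitialAccountSetup.xhtml HTTP/1.1" 302 0',
    '10.0.0.9 - - [22/Jan/2024:10:01:00 +0000] "GET /goanywhere/auth/Login.xhtml HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_setup_access(SAMPLE_LOGS):
        print(hit)
```

Matching on the canonical path rather than on a literal string is the point: a signature for the raw endpoint would miss the encoded traversal in the second line. A 200 on a GET to the setup page after installation is complete is itself a strong indicator, and any POST to it should be treated as an administrator account having been created.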
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of PHP filter chaining to prepend a payload using encoding conversion characters, and h00die et al. have come through and added 3 new Ansible post modules to gather configuration information, read files, and deploy payloads. While none offer instantaneous answers across the universe, they will certainly help in red team exercises.
New module