All Posts

4 min Cloud Security

Cloud Webinar Series Part 1: Commanding Cloud Strategies

Our new cloud security webinar series will unveil key trends, pinpoint critical challenges, and provide actionable insights for security professionals.

8 min Vulnerability Disclosure

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

3 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 13, 2023

Pollution in Kibana: This week, contributor h00die added a module that leverages a prototype pollution bug in Kibana prior to version 7.6.3. Specifically, this issue is within the Upgrade Assistant and enables an attacker to execute arbitrary code. This vulnerability can be triggered by sending queries that set a new constructor.prototype.sourceURL directly to Elastic or by using Kibana to submit the same queries. Note that Kibana needs to be restarted or wait for c

5 min Research

The Risks of Exposing DICOM Data to the Internet

DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 6, 2023

New module content (3): LDAP Login Scanner. Author: Dean Welch. Type: Auxiliary. Pull request: #18197 contributed by dwelch-r7. Path: scanner/ldap/ldap_login. Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against various different protocols and mechanisms. This LDAP login scanner supports multiple types of aut

8 min Research

Little Crumbs Can Lead To Giants

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q3 2023 in Review

Rapid7 has updated its Detection and Response offerings with advanced DFIR capabilities, custom detection rules, log search features, and more.

3 min Emergent Threat Response

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.

2 min Managed Detection and Response (MDR)

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MXDR

Rapid7 has expanded Managed Threat Complete to include native NGAV and DFIR powered by our universal Insight Agent.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

3 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 29, 2023

TeamCity authentication bypass and remote code execution: This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource, and the Metasploit module was developed by Rapid7’s Principal Security Researcher Stephen Fewer, who additionally published a technical analysis on AttackerKB for CVE-2023-4279

6 min Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre

3 min DFIR

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Rapid7 is excited to announce the integration of Velociraptor, our leading open-source DFIR framework, into the Insight Platform for InsightIDR Ultimate users — all with no additional deployment or configurations required.

3 min InsightVM

Introducing Active Risk

Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.