All Posts

4 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up: 4/14/23

Rocket Software UniRPC Exploits: Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remot

2 min Research

Anarchy in the UK? Not Quite: A look at the cyber health of the FTSE 350

In this report, Rapid7 looked first at the overall attack surface of the FTSE 350 companies, broken down by industry.

12 min Vulnerability Management

Patch Tuesday - April 2023

114 vulnerabilities patched, including a zero-day driver-based LPE. Message Queueing Service RCE. End of support for 2013 products.

4 min Rapid7 Culture

7 Rapid Questions: Lindsey Searle

Lindsey Searle, Senior Manager, Customer Advisors, discusses how her team helps solve customer challenges.

4 min Vulnerability Disclosure

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

4 min Rapid7 Culture

Rapid7 Podcast Explores Hybrid-First Workplace Learnings

Rapid7 takes a hybrid-first workplace approach that balances flexibility and productivity with collaboration and optimizing for customer success.

2 min Metasploit

Metasploit Weekly Wrap-Up: 4/7/23

The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and features (1) * #17458 from steve-embling - Updates the exploit/multi/misc/weblogic_deserialize_ba

1 min Managed Detection and Response (MDR)

[The Lost Bots] S03E02: Finding unknowns, even spy balloons

Rapid7 Detection and Response Practice Advisor Jeffery Gardner and co-host Stephen Davis, Lead Technical Customer Advisor for MDR, discuss spy balloons and cybersecurity.

8 min Vulnerability Management

Using InsightVM Remediation Projects To Ensure Accountability

In this blog, we look at two types of console-driven reports and two types of cloud-driven reports (projects)—and how you might use them.

7 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 31, 2023

5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support

3 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q1 2023 in Review

In Q1, we focused on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance.

5 min Open Source

Velociraptor Version 0.6.8 Available Now

Velociraptor update delivers new client-server communication protocol, VFS GUI, and performance upgrades

4 min Partners

Rapid7 Announces Partner of the Year Awards 2023 Winners

Rapid7 is proud to announce our Partner of the Year Award winners for 2023!

3 min Emergent Threat Response

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday, March 29, 2023, multiple security firms issued warnings

2 min Cybersecurity

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three

Get practical and actionable advice on how to implement a cyber target operating model that aligns with your business and reduces risk.