6 min
Vulnerability Disclosure
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).
5 min
Application Security
InsightAppSec Advanced Authentication Settings: Token Replacement
InsightAppSec Token Replacement can be used to capture and replay Bearer Authentication tokens, JWT Authentication tokens, or any other form of session token.
4 min
Cloud Security
New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0
The Center for Internet Security (CIS) recently released version two of their AWS Benchmark: CIS AWS Benchmark 2.0.0.
3 min
Cybersecurity
How To Present SecOps Metrics (The Right Way)
Metrics presentations can get boring. So, it is essential for security professionals to make them engaging. Here's how.
3 min
Metasploit
Metasploit Weekly Wrap-Up: July 28, 2023
Unauthenticated RCE in VMware Product
This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMware Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887). A remote attacker could abuse the Apache Thrift RPC interface by sending specially crafted data and get unauthe
4 min
Penetration Testing
PenTales: There Are Many Ways to Infiltrate the Cloud
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance group. The test included looking at internal and external as
2 min
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.
2 min
Metasploit
Metasploit Weekly Wrap Up: July 21, 2023
This week's wrap-up includes two new Metasploit modules: Piwigo Gather Credentials via SQL Injection (CVE-2023-26876) and Openfire authentication bypass with RCE plugin (CVE-2023-32315).
3 min
Penetration Testing
PenTales: Testing Security Health for a Healthcare Company
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
Rapid7 was tasked with testing a provider website in the healthcare industry. Providers had the ability on the website to apply for jobs
1 min
Threat Intel
The Japanese Technology and Media Attack Landscape
Recently, we released a major report analyzing the threat landscape of Japan, the globe’s third largest economy. In that report we looked at the ways in which threat actors infiltrate Japanese companies (spoiler alert: it is often through foreign subsidiaries and affiliates) and some of the most pervasive threats those companies face, such as ransomware and state-sponsored threat actors. We also took a look at some of the hardest hit industries, and it should come as no surprise that some of the
5 min
Vulnerability Disclosure
CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.
2 min
Emergent Threat Response
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
4 min
Cloud Security
Managing Risk Across Hybrid Environments with Executive Risk View
As attack surfaces continue to expand, security teams must evolve the scope and approach of their vulnerability management programs.
4 min
Emergent Threat Response
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
1 min
Lost Bots
[Lost Bots] S03 E04 A Security Leader’s Playbook for the C-suite
In a special two-part “Lost Bots,” hosts Jeffrey Gardner and Stephen Davis talk about presenting cybersecurity results up the org chart.