All Posts

2 min Metasploit

Metasploit Weekly Wrap-Up: July 14, 2023

Authentication bypass in WordPress Plugin WooCommerce Payments: This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any WordPress instance that uses WooCommerce Payments < 5.6.1. This module exploits an auth bypass vulnerability in the WooCommerce WordPress plugin. You can simply add a header to execute the bypass and use the API to create a new admin user in WordPress. New module content (3) WordPress Plugin

1 min Financial Services

The Japanese Financial Services Attack Landscape

We looked at the ways in which threat actors infiltrate Japanese companies (spoiler alert: it is often through foreign subsidiaries and affiliates) and some of the most pervasive threats those companies face such as ransomware and state-sponsored threat actors.

6 min Penetration Testing

PenTales: Old Vulnerabilities, New Tricks

At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. This engagement began like any other Internal Network Penetration test. I follo

8 min Research

Old Blackmoon Trojan, NEW Monetization Approach

Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.

2 min Emergent Threat Response

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.

12 min Vulnerability Management

Patch Tuesday - July 2023

Five zero-day vulns, including an Office maldoc attack with no patch yet and a SmartScreen bypass. Eight critical RCEs, and 130 total vulns. Busier than recent months.

7 min Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.

4 min Detection and Response

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

Rapid7 is excited to share another quarter of new Detection & Response capabilities and improvements.

2 min Metasploit

Metasploit Weekly Wrap-Up: 7/7/23

Apache RocketMQ: We saw some great teamwork this week from jheysel-r7 and h00die to bring you an exploit module for CVE-2023-33246. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without authentication. From here we can gain remote code execution as whichever user is ru

2 min Reports

The Japanese Automotive Industry Attack Landscape

We also took a look at some of the hardest hit industries and it should come as no surprise that some of the most commonly attacked companies are in industries where Japan currently excels on a global scale

3 min Penetration Testing

PenTales: “User enumeration is not a vulnerability” – I beg to differ

In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.

2 min Security Operations

Showcasing SecOps Metrics That Matter

Our latest ebook, Presenting Upward: How to Showcase SecOps Metrics That Matter offers practical and actionable advice on how to present security metrics in a language execs understand.

3 min Partners

Alerting Rules: InsightIDR Raises the Bar for Visibility and Coverage

Rapid7 user George Schneider of Listrak discusses why InsightIDR has become an essential resource for maintaining the company's security posture.

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/30/23

Nothing but .NET? Smashery continues to… smash it by updating our .NET assembly execution module. The original module allowed users to run a .NET exe as a thread within a process they created on a remote host. Smashery’s improvements let users run the executable within a thread of the process hosting Meterpreter and also changed the I/O for the executing thread to support pipes, allowing interaction with the spawned .NET thread, even when the other process has control over STDIN and STDOUT. The

4 min Vendor Consolidation

Four Signs You Need to Consolidate Your Tech Stack

Learn how consolidation can improve productivity, visibility, and reporting as well as bridge staff resourcing gaps.