All Posts

2 min Metasploit

Metasploit Wrap-Up: 2/17/23

Cisco RV Series Auth Bypass and Command Injection: Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a command injection vulnerability CVE-2022-20707

1 min Rapid7 Culture

Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee

President Biden to appoint industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the National Security Telecommunications Advisory Committee.

2 min Cloud Security

CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report

Cloud Security and IAM providers should consider prioritizing specific CIEM capabilities according to a new Gartner report.

8 min Vulnerability Management

Patch Tuesday - February 2023

Microsoft has patched 72 CVEs, including three actively-exploited zero-days affecting Windows and Microsoft 365 for Enterprise.

2 min Research

A Deep Dive into Reversing CODESYS

This white paper offers a technical deep dive into PLC protocols and how to safely scan CODESYS-based ICS networking stacks.

2 min Rapid7 Culture

Rapid7 and USF: Building a diverse cybersecurity workforce is not optional

Rapid7 and the University of South Florida (USF) have announced a joint research lab aimed at increasing diversity in the cybersecurity workforce.

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/10/23

Taking a stroll down memory lane (Tomcat Init Script Privilege Escalation): Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by h00die. This vulnerability allows any local users who already have tomcat accounts to perform privilege escalation and gain acc

2 min Research

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Rapid7 research has found that nearly 19,000 ESXi servers likely remain vulnerable to CVE-2021-21974, which is being exploited in the ESXiArgs campaign.

5 min Research

Evasion Techniques Uncovered: An Analysis of APT Methods

DLL search order hijacking and DLL sideloading are commonly used by nation state sponsored attackers to evade detection.

4 min InsightIDR

Year In Review: Rapid7 InsightIDR

In 2022, we worked with our most forward-deployed practitioners to address detection and response pain points and meet specific goals.

2 min Rapid7 Culture

Rapid7 Recognized on Bloomberg Gender Equality Index, Continues Commitments to Support DEI

For the fifth year in a row, Rapid7 has been included in the Bloomberg Gender Equality Index.

2 min Emergent Threat Response

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric) impacting Oracle E-Business Suite (EBS). Oracle published a Critical Patch Update Advisory in Octob

13 min Vulnerability Disclosure

Multiple DMS XSS (CVE-2022-47412 through CVE-2022-47419)

Rapid7 has discovered, and is now disclosing, eight XSS issues affecting four on-premises document management systems. As of this disclosure, none have patches available.

2 min Emergent Threat Response

CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products

Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.

2 min Emergent Threat Response

Ransomware Campaign Compromising VMware ESXi Servers

Hosting provider OVH and French CERT have issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.