All Posts

Ransomware Campaign Compromising VMware ESXi Servers

Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.

4 min Metasploit

Metasploit Weekly Wrap-Up: 2/2/23

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I won't go over everything we did here because we have a whole separate blog post dedicated to the 6.3 release that you shou

3 min Emergent Threat Response

Exploitation of GoAnywhere MFT zero-day vulnerability

A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.

9 min Application Security

Troubleshooting InsightAppSec Authentication Issues

This article details common issues with macro, traffic, and selenium authentication and details how to troubleshoot them.

2 min Detection and Response

XDR, the Beatles, and Blunt Instruments

The average security team is now managing 76 tools. If you are in that boat and looking to consolidate, our new XDR Buyers Guide can help.

5 min Vulnerability Disclosure

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.

3 min Rapid7 Culture

A Customer Success Manager’s Journey to Cybersecurity

Blake Walters joined Rapid7 ready to roll up his sleeves and learn about an entirely new field—cybersecurity.

10 min Research

Rapid7 Observes Use of Microsoft OneNote to Spread Redline Infostealer and Qakbot Malware

Recently, Rapid7 observed malicious actors using OneNote files to deliver malicious code. This post details our findings.

3 min Threat Intel

Threat Intelligence: 2022 Year in Review

As we forge into 2023, Rapid7 Threat Intelligence remains laser-focused and committed to addressing the critical needs of security teams.

13 min Metasploit

Metasploit Framework 6.3 Released

Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.

2 min Metasploit

Metasploit Weekly Wrap-Up: 1/27/23

Cacti Unauthenticated Command Injection Thanks to community contributor Erik Wynter , Metasploit Framework now has an exploit module for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a proc_open() call that accepts unsanitized user input in remote_agent.php. Provided that the target server has data that's tied to the POLLER_ACTION_S

3 min Detection and Response

The High Cost of Human Error In OT Systems

Nearly 80% of respondents to a recent SCADAfence survey said human error presents the greatest risk to OT control systems.

3 min Detection and Response

3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response: Gartner® Report

In an ongoing effort to help security organizations gain greater visibility into risk, we’re pleased to offer this complimentary Gartner® report, 3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response.

1 min Government

Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint

Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating SLED institutions.