3 min
7 Rapid Questions
7 Rapid Questions with Toshio Honda, Sr. Security Solutions Engineer
Rapid7 sat down with Senior Security Solutions Engineer, Toshio Honda, to discuss their career and time at Rapid7.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 28, 2022
GLPI htmLawed PHP Command Injection
Our very own bwatters-r7 wrote a module for an
unauthenticated PHP command injection vulnerability that exists in various
versions of GLPI. The vulnerability is due to a third-party vendor test script
being present in default installations. A POST request to
vendor/htmlawed/htmlawed/htmLawedTest.php directly allows an attacker to execute
exec() through the hhook and test parameters, resulting in unauthenticated RCE
as the www
3 min
Security Operations (SOC)
How to Foster Talent in a Cybersecurity Skills Gap
It’s more about thoughtfully building a talent pipeline that benefits your specific organization and moves the needle for the company. The key word in that last sentence? Thoughtfully.
1 min
Risk Management
CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution
On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.
3 min
Vulnerability Management
Adapting existing VM programs to regain control
From elevated expectations, processes, and tooling to pressured budgets, the scale and complexity has made identifying and addressing vulnerabilities in cloud applications and the infrastructure that supports them a seemingly impossible task.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 10/21/22
Zimbra with Postfix LPE (CVE-2022-3569)
This week rbowes added an LPE exploit for Zimbra
with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can
run postfix as root which in turn is capable of executing arbitrary
shellscripts. This can be abused for reliable privilege escalation from the
context of the zimbra service account to root. As of this time, this
vulnerability remains unpatched.
Zimbra RCE (CVE-2022-41352)
rbowes
3 min
Research
New Research: We’re Still Terrible at Passwords; Making it Easy for Attackers
We look at two of the most popular protocols used for remote administration, SSH and RDP, to get a sense of how attackers are taking advantage of weaker password management to gain access to systems.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.
8 min
Vulnerability Disclosure
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and
not CVE-2022-27511, which has a different root cause.
On June 27, 2022, Citrix released an advisory
for CVE-2022-27511 and
CVE-2022-27512 , which affect
Citrix ADM (Application Del
2 min
Cloud Security
Emerging best practices for securing cloud-native environments
As technology evolves and threats change rapidly, organizations that stay abreast of the latest developments, trends, and industry standards tend to have fewer security risks than those that don't.
3 min
Emergent Threat Response
CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK
versions (JDK 15+) were not impacted due to the exclusion of the Nashorn
JavaScript engine. However, an updated PoC
came out that uses the
JEXL engine as an exploit path. If JEXL is present, the code executes
successfully, so this issue can be exploited on any JDK where a relevant engine
can be leveraged.
CVE-2022-42889, which some have begun calling “Text4Shell,”
2 min
IoT
Addressing the Evolving Attack Surface Part 1: Modern Challenges
In this webcast, Cindy Stanton highlights where the industry started from traditional vulnerability management which focused on infrastructure but evolved significantly over the last couple of years.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/14/22
Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.
4 min
Cloud Security
Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Today almost all cloud users, roles, and identities are overly permissive. To minimize risk, you need to adopt the principle of least privilege access.