2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/14/22
Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.
4 min
Cloud Security
Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Today almost all cloud users, roles, and identities are overly permissive. To minimize risk, you need to adopt the principle of least privilege access.
3 min
InsightIDR
A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR
At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.
3 min
Security Operations (SOC)
The Intelligent Listing: Cybersecurity Job Descriptions That Deliver
Modern job descriptions cause a lot of eye-rolling. What used to be a couple of paragraphs is now filled with a laundry list of too many "requirements."
5 min
Gartner
Rapid7 Recognized in the 2022 Gartner® Magic Quadrant™ for SIEM
Rapid7 is proud to represent the huge number of security teams out there today that don’t have time to do it all, but are asked to do it anyway.
5 min
Cloud Security
Real-Time Risk Mitigation in Google Cloud Platform
With Google Cloud Next happening this week, there’s been some recent water cooler talk about what makes Google Cloud Platform unique when it comes to security.
8 min
Vulnerability Management
Patch Tuesday - October 2022
Microsoft has patched 96 CVEs, including zero-days affecting Windows and Office for Mac. The recent Exchange Server zero-days seen exploited in the wild remain unpatched.
5 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 7, 2022
Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support
This week brings a new and frequently requested feature to the Windows
Meterpreter, the Beacon Object File loader. This new extension, bofloader,
allows users to execute Beacon Object Files as written for either Cobalt
Strike or Sliver. This extension was provided by a group effort among community
members kev169, GuhnooPlusLinux, R0wdyJoe
2 min
Emergent Threat Response
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.
3 min
InsightIDR
What's New in InsightIDR: Q3 2022 in Review
This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward.
6 min
Velociraptor
Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before
Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 30, 2022
Veritas Backup Exec Agent RCE
This module kindly provided by c0rs targets the
Veritas Backup Exec Agent in order to gain RCE as the system/root user.
The exploit itself is actually a chain of 3 separate CVEs (CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878) which only makes it more impressive.
While you're patching, why not take the time to test your backups too?
Hikvision IP Camera user impersonation
This vulnerability has been present in Hikvision products since 20
5 min
Emergent Threat Response
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.
1 min
Lost Bots
[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting
In this episode of The Lost Bots, our hosts dive into the practical side of getting your threat hunting efforts up and running.