All Posts

1 min Lost Bots

[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes

In the first installment of Season 2 of The Lost Bots, hosts Jeffrey Gardner and Stephen Davis give us their 5 pillars of success for SIEM deployment.

3 min Application Security

Application Security in 2022: Where Are We Now?

When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.

3 min Ransomware

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.

5 min Vulnerability Disclosure

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.

4 min Application Security

API Security: Best Practices for a Changing Attack Surface

APIs have become a large part of the application attack surface, making API security a critical consideration.

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/24/22

Add Windows target support for the Confluence OGNL injection module: Improves the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets. This new target can be used to run payloads in memory with PowerShell using the new payload adapters or drop an executable to disk. Once a Meterpreter session is obtained, getsystem can be used to escalate to NT AUTHORITY\SYSTEM using the RPCSS technique (#5) since the Confluence service runs as NETWORK SERVICE by

4 min Detection and Response

Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever

Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool.

4 min Vulnerability Disclosure

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.

2 min Awards

Two Rapid7 Solutions Take Top Honors at SC Awards Europe

We are pleased to announce that two Rapid7 solutions were recognized on Tuesday, June 21, at the prestigious SC Awards Europe.

6 min Detection and Response

Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction

A Forrester Consulting study commissioned by Rapid7 found our MDR service delivered an estimated 549% return on investment over 3 years.

4 min Cloud Security

How to Secure App Development in the Cloud, With Tips From Gartner

New Gartner research highlights how to keep your cloud applications safe without resorting to a patchwork of overlapping tools and services.

2 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 17, 2022

vCenter Secret Extractor: Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd that has a private key associated, from an offline copy of the services database. This information can then be used with the vcenter_forge_saml_token module to gain a session cookie that grants acc

4 min Cybersecurity

4 Strategies to Help Your Cybersecurity Budget Work Harder

Cybersecurity is a growing concern for organisations across all industries, and budget requests are increasing as a result.

1 min Emergent Threat Response

CVE-2022-27511: Citrix ADM Remote Device Takeover

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.

5 min Events

Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022

Here's a closer look at what two Rapid7 presentations from RSAC 2022 had to say about security in a cloud-native world.