All Posts

2 min Metasploit

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules: This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content (2): SPIP BigUp Plugin Unauthenticated RCE. Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec. Type: Exploit. Pull request: #19444 contributed by Chocapikk. Pat

4 min Gartner

The Growing Importance of Exposure Management: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024

The Gartner® Hype Cycle™ for Security Operations, 2024 was published in late July, and is an interesting look at the dynamic nature of both the threat landscape and the diverse range of technologies that security & risk management (SRM) professionals use to safeguard their organizations.

4 min Labs

Ransomware Groups Demystified: Lynx Ransomware

As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them.

10 min Patch Tuesday

Patch Tuesday - September 2024

4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.

4 min InsightIDR

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment.

2 min Emergent Threat Response

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

CVE-2024-40766 is a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. As of September 9, 2024, Rapid7 is aware of several recent incidents in which SonicWall SSLVPN accounts were targeted or compromised.

3 min Emergent Threat Response

Multiple Vulnerabilities in Veeam Backup & Replication

On September 4, 2024, Veeam released their September security bulletin disclosing various vulnerabilities, including CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution.

3 min Gartner

Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks

The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad actors and offers practical solutions on how to fortify defenses.

2 min Metasploit

Metasploit Weekly Wrap-Up 09/06/2024

Honey, I shrunk the PHP payloads: This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that, when enabled, will use zlib to compress the payload, which significantly reduced the size, bringing a payload of 4040 bytes down to a mere 1617 bytes. This week's release includes a php/minify encoder which removes all unnecessary characters from the payload including comments, empty lines, leadin

17 min Vulnerability Disclosure

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.

4 min Metasploit

Metasploit Weekly Wrap-Up 08/30/2024

A New Way to Encode PHP Payloads: A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters. Ray Vulnerabilities: This release of Metasploit Framework also features 3 new modules to target ray.io, which is a framework for distributing AI-related workloads across multiple machines, which makes it an exce

1 min Events

Command with Confidence: Insights from Andrew Bustamante

At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat.

2 min InsightCloudSec

Assessing Container Images Across Private Registries with InsightCloudSec

As the adoption of container technology has grown, so too has the importance of securing these environments.

1 min Metasploit

Metasploit Weekly Wrap-Up 08/23/2024

New module content (3): Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276). Authors: Michael Heinzl and Tenable. Type: Auxiliary. Pull request: #19373 contributed by h4x-x0r. Path: admin/http/fortra_filecatalyst_workflow_sqli. AttackerKB reference: CVE-2024-5276. Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL inj

2 min Events

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals.