3 min
Metasploit
Metasploit Wrap-Up: 8/19/22
Advantech iView NetworkServlet Command Injection
This week Shelby Pace has developed a new exploit
module for CVE-2022-2143
. This
module uses an unauthenticated command injection vulnerability to gain remote
code execution against vulnerable versions of Advantech iView software below
5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user
unauthenticated privileged access
4 min
Research
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Here's a look at two Rapid7 researchers' presentations from Black Hat 2022, and how their efforts are helping push open-source security forward.
3 min
Detection and Response
360-Degree XDR and Attack Surface Coverage With Rapid7
Leverage InsightIDR, Threat Command, and InsightConnect to unlock a complete view of your attack surface with unmatched signal to noise.
1 min
Rapid7 Culture
Leading the Way in Tampa
It's an exciting time to be a part of the tech scene in Tampa, and Rapid7 is smack in the middle.
4 min
Emergent Threat Response
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.
3 min
Application Security
Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec
InsightAppSec's new application discovery feature, powered by Rapid7's Project Sonar, helps security teams know what apps are exposed to the internet.
2 min
Events
[VIDEO] An Inside Look at Black Hat 2022 From the Rapid7 Team
Here's a look at the highlights from Black Hat 2022 in Las Vegas, as told by three of our Rapid7 team members who attended.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 8/12/22
Putting in the work!
This week we’re extra grateful for the fantastic contributions our community
makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron
Bowes and bcoles ,
adding some great new capabilities.
Ron Bowes contributed four new modules targeting
UnRAR, Zimbra, and ManageEngine ADAudit Plus. These modules offer Metasploit
users some excellent new vectors to leverage against
5 min
Detection and Response
3 Mistakes Companies Make in Their Detection and Response Programs
We've put together a list of the top mistakes companies make in their D&R programs, as well as tips to overcome or avoid them.
21 min
Vulnerability Disclosure
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and non-security issues affecting Cisco ASA, ASDM, and FirePOWER Services Software for ASA.
2 min
Detection and Response
OCSF: Working Together to Standardize Data
Rapid7 and other security vendors are collaborating on an Open Cybersecurity Schema Framework (OCSF), an open standard for both data producers and users.
5 min
Public Policy
Navigating the Evolving Patchwork of Incident Reporting Requirements
Rapid7 is supportive of CIRCIA and cyber incident reporting, but we encourage regulators to ensure reporting rules do not impose unnecessary burdens.
11 min
Vulnerability Management
Patch Tuesday - August 2022
Microsoft has patched 141 CVEs in their August 2022 updates, including one zero-day affecting the Microsoft Windows Support Diagnostic Tool (MSDT).
3 min
Managed Detection and Response (MDR)
6 Reasons Managed Detection and Response Is Hitting Its Stride
What’s driving the move to managed detection and response? Let’s take a look at six main factors.
3 min
Career Development
How One Engineer Upskilled Into a Salesforce Engineering Role at Rapid7
When our Engineering team was searching for candidates to help with our Salesforce ecosystem, one engineer stepped up to the challenge of a new role.