All Posts

6 min Vulnerability Management

InsightVM Scanning: Demystifying SSH Credential Elevation

In this post, we look at the different ways SSH credentials can be elevated for scanning in InsightVM.

3 min Supply Chain Security

An Inside Look at CISA’s Supply Chain Task Force

In this guest post, Rapid7 customer Chad Kliewer writes about his experience on CISA's new task force created to enhance supply chain resilience.

5 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 11, 2022

Mucking out the pipes. Thanks to some quick work by timwr, CVE-2022-0847 aka "Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit targeting modern Linux v5 kernels helps elevate user privileges by overwriting a SUID binary of your choice by plunging some payload gold through a pipe. Long live the SMB relay! SMB, that magical ubiquitous service making all that noise on netw

11 min Detection and Response

Run Faster Log Searches With InsightIDR

Let’s explore how to make the best use of InsightIDR’s Log Search capabilities to get the correct data returned to you as fast as possible.

2 min Career Development

7 Rapid Questions: Growing From BDR to Commercial Sales Manager With Maria Loughrey

For this installment of 7 Rapid Questions, we sat down with Maria Loughrey, Commercial Sales Manager for the UK and Ireland at our Reading, UK office.

4 min Public Policy

New US Law to Require Cyber Incident Reports

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.

2 min Emergent Threat Response

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.

2 min Cloud Security

3 Reasons to Join Rapid7’s Cloud Security Summit

Here are 3 reasons not to miss Rapid7’s third annual Cloud Security Summit, which we’ll be hosting this year on Tuesday, March 29.

8 min Vulnerability Management

Patch Tuesday - March 2022

March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.

3 min Vulnerability Management

InsightVM Scan Engine: Understanding MAC Address Discovery

When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection.

4 min Metasploit

Metasploit Weekly Wrap-Up: Mar. 4, 2022

This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an attacker can upload and install an eap application which, when executed, will grant the attacker root privileg

4 min Research

Graph Analysis of the Conti Ransomware Group Internal Chats

The leaked communications from the Conti ransomware group are a rich source of intelligence, and the messaging patterns provide even more insight.

42 min Cybersecurity

Russia-Ukraine Cybersecurity Updates

This ongoing blog provides the need-to-know updates in cybersecurity and threat intelligence relating to the Russia-Ukraine conflict.

9 min Threat Intel

The Top 5 Russian Cyber Threat Actors to Watch

These 5 threat actors are identified by our Threat Intelligence Research team as the most likely (i.e., highest risk) to carry out cyberattacks against European and US companies.

5 min Vulnerability Disclosure

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, a now-patched vulnerability resulting from a missing authentication check.