1 min
Emergent Threat Response
New NPM library hijacks (coa and rc)
A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.
4 min
Cybersecurity
2022 Planning: The Path to Effective Cybersecurity Maturity
Achieving cybersecurity maturity isn't something you can do overnight — it requires a significant amount of planning, prioritizing, and coordinating across the business.
4 min
Emergent Threat Response
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing?
Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different languages—to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or secu
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3
The goal in this next phase of the IoT hacking exercise is to turn the console back on.
4 min
Detection and Response
Building Threat-Informed Defenses: Rapid7 Experts Share Their Thoughts on MITRE ATT&CK
Three members of Rapid7's Managed Detection and Response team tell us about their firsthand experience with MITRE's ATT&CK Matrix for Enterprise.
4 min
InsightVM
InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning
Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.
2 min
Cloud Security
A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 2
Neither the agent-based nor agentless cloud security approach is better than the other. In some cases, it could be beneficial to leverage both.
3 min
InsightAppSec
Solving the Access Goldilocks Problem: RBAC for InsightAppSec Is Here
Role-Based Access Control (RBAC) lets you flexibly provide the right levels of access to InsightAppSec for each role on your security team.
2 min
Emergent Threat Response
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild
Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Oct. 29, 2021
Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.
12 min
Malware
Infostealer Malware Masquerades as Windows Application
Rapid7's Managed Detection and Response (MDR) team recently identified a malware campaign whose payload installs itself as a Windows application.
6 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2
In part 2 of our series on Rapid7's IoT hacking exercise from DefCon 29, we look at how to determine whether the header we created is UART.
3 min
Rapid7 Culture
Rapid7 Announces Tampa Office Opening
We're thrilled to announce that Rapid7 is expanding its US office footprint with the opening of our newest location in Tampa, Florida.
2 min
Emergent Threat Response
NPM Library (ua-parser-js) Hijacked: What You Need to Know
For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.
3 min
Research
Recog: Data Rules Everything Around Me
Rapid7 has updated the recog framework to help solve the conundrum of content versus code.