3 min
Detection and Response
SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal
The SANS Institute has conducted its sixth annual Threat Hunting Survey. Read this post for a preview of the survey's findings and its takeaways.
5 min
Ransomware
The Ransomware Killchain
How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.
4 min
Cloud Security
OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability
On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).
7 min
Patch Tuesday
Patch Tuesday - September 2021
Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here are three big things you can go patch right now.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/10/21
Confluence Server OGNL Injection
Our own wvu along with Jang added a module that
exploits an OGNL injection (CVE-2021-26804) in Atlassian Confluence's WebWork
component to execute commands as the Tomcat
user. CVE-2021-26804 is a critical remote code execution vulnerability in
Confluence Server and Confluence Data Center and is actively being exploited in
the wild. Initial di
8 min
Ransomware
The Rise of Disruptive Ransomware Attacks: A Call To Action
Ransomware attacks are on the rise. In this post, we examine the dynamics of this trend and where it might be headed.
2 min
Cloud Security
Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report
The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.
4 min
Open Source
Security at Scale in the Open-Source Supply Chain
Securing supply chains based on open-source software requires scalable vulnerability management and vigilant monitoring.
6 min
Vulnerability Disclosure
CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)
Rapid7 researchers discovered that the Akkadian Console version 4.7, a call manager solution, is affected by two vulnerabilities.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/3/21
A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
2 min
Emergent Threat Response
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.
4 min
Cloud Security
SANS Experts: 4 Emerging Enterprise Attack Techniques
According to a report from the SANS Institute, the new wave of attack techniques isn't on the horizon — it’s here.
3 min
Managed Detection and Response (MDR)
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
We’re adding a new capability (and report) to connect proactive and reactive security for our MDR Essentials customers: Attack Surface Visibility.
4 min
Public Policy
Cybersecurity in the Infrastructure Bill
This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, and Rapid7 commends Congress and the Administration for including cybersecurity in the Infrastructure Investment and Jobs Act.