2 min
Emergent Threat Response
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know
On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds 15.2.3 HF1 (released May 5, 2021) and all prior versions.
10 min
Supply Chain Security
Securing the Supply Chain: Lessons Learned from the Codecov Compromise
This blog post is meant to provide the security community with defensive knowledge and techniques to protect against supply chain attacks involving continuous integration (CI) systems.
2 min
Metasploit
Metasploit Wrap-Up: Jul. 9, 2021
A new module for CVE-2021-34527, dubbed PrintNightmare, and a local privilege escalation module for NSClient++.
1 min
Apple
Apple Silicon Support on Insight Agent
We are pleased to announce the general availability of native support of Apple Silicon chips for the Rapid7 Insight Agent.
15 min
Detection and Response
Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 2
I will discuss here how to use Regex Editor mode, which assumes a general understanding of regular expressions.
2 min
InsightCloudSec
Introducing InsightCloudSec
Rapid7 is proud to announce our next step in helping to drive cloud security forward: InsightCloudSec.
8 min
Vulnerability Disclosure
CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities
Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers.
10 min
Detection and Response
Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 1
New to writing regular expressions? No problem. In this two-part blog series, we’ll cover the basics of regular expressions and how to write regular expression statements (regex) to extract fields from your logs while using the custom parsing tool.
3 min
Gartner
Rapid7 Named a Leader, 2021 Gartner Magic Quadrant for SIEM
This is the second consecutive time our SaaS SIEM—InsightIDR—has been named a Leader in this report.
2 min
Detection and Response
Automated remediation level 4: Actual automation
After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let you calibrate and control the kind of remediation you’re looking to get out of the process.
2 min
Metasploit
Metasploit Wrap-Up: 7/2/21
Containers that fail to Contain
Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the
work of Adam Iwaniuk that breaks out of a Docker container by overwriting the
runc binary of an image which is run in the user context whenever someone
outside the container runs docker exec to make a request of the container.
Execute an Image Please, Wordpress
Community contributor Alexandre Zanni sent us a PR that uses native PHP
functions to upload a file as an image attachment to Wo
8 min
Emergent Threat Response
CVE-2021-34527 PrintNightmare: What You Need to Know
Vulnerability note: This blog originally referenced CVE-2021-1675, but members
of the community noted the week of June 29 that the publicly available exploits
that purported to exploit CVE-2021-1675 may in fact have been targeting a new
vulnerability in the same function as CVE-2021-1675. This was later confirmed,
and Microsoft issued a new CVE for what the research community originally
thought was CVE-2021-1675. Defenders should now follow guidance and remediation
information on the new vulnera
2 min
Emergent Threat Response
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
On June 29, 2021, researcher Michael Stepankin (@artsploit) posted details of a pre-auth remote code execution (RCE) vulnerability, CVE-2021-35464, in ForgeRock Access Manager identity and access management software that front-ends web applications and remote access solutions in many enterprises.
2 min
Threat Intel
Yes, Fraudsters Can Bypass the Strong Customer Authentication (SCA) Requirement
Any new security regulation attracts the attention of fraudsters and cybercriminals. It’s safe to assume they're able to bypass SCA.
5 min
#Rapid7Life Belfast: Why I Joined
Interested in learning why these individuals chose to make a job change during these uncertain times and how Rapid7 made the decision a no-brainer? Read on to find out from a few of our Belfast-based Software Engineers!