8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.
7 min
Labs
Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024.
4 min
Labs
Ransomware Groups Demystified: Lynx Ransomware
As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them.
2 min
Ransomware
Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.
The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.
2 min
Research
Defending Against APTs: A Learning Exercise with Kimsuky
The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group.
4 min
InsightCloudSec
What’s New in Rapid7 Products & Services: Q2 2024 in Review
In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services.
4 min
News
State-Sponsored Threat Actors Target Security Researchers
On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.
5 min
Research
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
12 min
Labs
How I Shut Down a (Test) Factory with a Single Layer 2 Packet
In this blog, we discuss how a Denial of Service (DoS) bug could crash all Beckhoff PLCs running the Profinet protocol stack if an attacker gains access.
5 min
Vulnerability Management
Drupalgeddon Vulnerability: What is it? Are You Impacted?
First up: many thanks to Brent Cook [/author/brent-cook/], William Vu
[/author/william-vu/] and Matt Hand for their massive assistance in both the
Rapid7 research into “Drupalgeddon” and their contributions to this post.
Background on the Drupalgeddon vulnerability
The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28
) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory
was released with a patch and CVE (CVE-2018-7600)
[https://www.rapid7.com/
4 min
Honeypots
Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic
UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with
Nexpose's web spider functionality. This check will be performed against any
URIs discovered with the suffix “.action” (the default configuration for Apache
Struts apps). To learn more about using this check, read this post
[https://www.rapid7.com/blog/post/2017/03/15/using-web-spider-to-detect-vulnerable-apache-struts-apps-cve-2017-5638/]
.
UPDATE - March 9th, 2017: Scan your network for this vulnerability
[https://
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud
3 min
Project Sonar
The Internet of Gas Station Tank Gauges -- Final Take?
In early 2015, HD Moore performed one of the first publicly accessible research
related to Internet-connected gas station tank gauges, The Internet of Gas
Station Tank Gauges [/2015/01/22/the-internet-of-gas-station-tank-gauges].
Later that same year, I did a follow-up study that probed a little deeper in
The
Internet of Gas Station Tank Gauges — Take #2
[/2015/11/18/the-internet-of-gas-station-tank-gauges-take-2]. As part of that
study, we were attempting to see if the exposure of these devic
9 min
Project Sonar
Project Sonar Study of LDAP on the Internet
The topic of today's post is a Rapid7 Project Sonar
[https://sonar.labs.rapid7.com/] study of publicly accessible LDAP services on
the Internet. This research effort was started in July of this year and various
portions of it continue today. In light of the Shadowserver Foundations's
recent announcement [https://ldapscan.shadowserver.org/] regarding the
availability relevant reports we thought it would be a good time to make some of
our results public. The study was originally intended to be a
6 min
Project Sonar
Digging for Clam[AV]s with Project Sonar
A little over a week ago some keen-eyed folks discovered a
feature/configuration
weakness [http://seclists.org/nmap-dev/2016/q2/198] in the popular ClamAV
malware scanner that makes it possible to issue administrative commands such as
SCAN or SHUTDOWN remotely—and without authentication—if the daemon happens to be
running on an accessible TCP port. Shortly thereafter, Robert Graham unholstered
his masscan [https://github.com/robertdavidgraham/masscan] tool and did a s
ummary blog post
[http://bl