3 min
IoT
Extracting Firmware from Microcontrollers'
Onboard Flash Memory, Part 2: Nordic RF Microcontrollers
In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).
3 min
Research
Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers
As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Amtel Atmega2561 microcontroller.
1 min
Research
Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.
2 min
Research
Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know
The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.
2 min
Metasploit
Introducing the Metasploit Development Diaries
In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
5 min
Research
Buy One Device, Get Data Free: Private Information Remains on Donated Tech
When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them?
4 min
Research
Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200
Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.
2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.
3 min
Vulnerability Management
Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know
On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.
6 min
IoT
[IoT Security] Introduction to Embedded Hardware Hacking
Many security professionals and researchers are intrigued by the idea of opening up and exploring embedded technologies but aren’t sure where to start.
9 min
Research
Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R
Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.
8 min
Vulnerability Management
Understanding Ubiquiti Discovery Service Exposures
On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.
3 min
Research
Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know
Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.
6 min
Haxmas
Happy HaXmas! Year-End Internet Scanning Observations
As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.