3 min
Cloud Security
2022 Cloud Misconfigurations Report: Cloud Security Breaches and Attack Trends
In the 2022 Cloud Misconfigurations Report, we reviewed 68 accounts of breaches from 2021. Let's take a brief look at some of the findings.
4 min
Emergent Threat Response
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.
4 min
Research
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.
8 min
Research
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.
4 min
Research
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
7 min
Research
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.
7 min
Vulnerability Disclosure
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.
4 min
Research
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.
5 min
Russia-Ukraine Conflict
8 Tips for Securing Networks When Time Is Scarce
In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.
4 min
Research
Cloud Pentesting, Pt. 1: Breaking Down the Basics
More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?
4 min
Research
Graph Analysis of the Conti Ransomware Group Internal Chats
The leaked communications from the Conti ransomware group are a rich source of intelligence, and the messaging patterns provide even more insight.
5 min
Vulnerability Disclosure
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
On February 25, 2022, GitLab published a fix for CVE-2021-4191, a now-patched vulnerability resulting from a missing authentication check.
7 min
Ransomware
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
On February 27, Twitter user @ContiLeaks released a trove of chat logs from the sophisticated ransomware group, Conti.
6 min
Log4Shell
Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal
On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.
4 min
Public Policy
Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict
Fending off an attack from a well-resourced nation state is a nightmare scenario for cybersecurity teams. Here are some steps your organization can take to bolster its defenses.