16 min
Ongoing Social Engineering Campaign Refreshes Payloads
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
1 min
Metasploit
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON
Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner
& Jack Heysel show off the Metasploit 6.4's
features, focusing on combinations that allow for new, streamlined attack
workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in
room W304!
New module content (1)
Calibre Python Code Injection (CVE-2024-6782)
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357
1 min
Ransomware
Key Takeaways From The Take Command Summit: Unlocking Security Success
As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks.
7 min
Artificial Intelligence
Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises
Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products.
4 min
Penetration Testing
Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access
This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization.
2 min
Penetration Testing
Details Matter: Pentesting a single device to guarantee security
Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network.
2 min
Ransomware
Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.
The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.
4 min
Exposure Command
Introducing the Rapid7 Command Platform
The introduction of the Rapid7 Command Platform - our unified threat exposure and detection and response platform.
5 min
Exposure Command
Rapid7 Introduces Exposure Command to Eliminate the Security Visibility Gap
Exposure Command provides 360-degree visibility and enables security teams to pinpoint and extinguish your most critical risks.
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp
Next week, Metasploit will have demos at both Black Hat
and DEF CON where
the latest functionality from this year will be presented. The Black Hat demo
will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on
Saturday the 10th from 12:00 to 13:45.
The highlights will include demonst
2 min
InsightCloudSec
New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation
Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.
2 min
Career Development
Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024
In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.
2 min
Reports
New Research: The Proliferation of Cellular in IoT
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.
4 min
Emergent Threat Response
VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.
1 min
Artificial Intelligence
Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI
"Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.