2 min
Emergent Threat Response
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting the Serv-U file transfer server. Successful exploitation of the vulnerability allows unauthenticated attackers to read sensitive files on the host.
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads: ARMed and Dangerous
In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress
Hash form, this release features the addition of several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port to spawn a
command shell using the user provided command using the exe
5 min
Artificial Intelligence
Securing AI Development in the Cloud: Navigating the Risks and Opportunities
With the promise of enhanced efficiency, personalization, and innovation, organizations are increasingly turning to cloud environments to develop and deploy these powerful AI and ML technologies.
2 min
Vulnerability Management
The Dreaded Network Pivot: An Attack Intelligence Story
The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response and threat intelligence teams.
1 min
Insight Agent
New! Insight Agent Support for ARM-based Windows in InsightVM
We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM.
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
In this release, we feature a double-double: two exploits each targeting two
pieces of software. The first pair is from h00die
targeting the Jasmine Ransomware Web Server. The first uses CVE-2024-30851 to
retrieve the login for the ransomware server, and the second is a directory
traversal vulnerability allowing arbitrary file read. The second pair from Dave
Yesland of Rhino Security targets Progress Flowmon with CVE-2024-2389 and it
pai
4 min
Emergent Threat Response
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.
2 min
Career Development
Celebrating Excellence: Joanne Guariglia and Kelly Hiscoe Recognized as CRN's 2024 Women of the Channel
We are thrilled to announce that two of our exceptional team members, Joanne Guariglia and Kelly Hiscoe, have been recognized as CRN's 2024 Women of the Channel.
3 min
Metasploit
Metasploit Weekly Wrap-Up 05/23/2024
Infiltrate the Broadcast!
A new module from Chocapikk allows the user to
perform remote code execution on vulnerable versions of streaming platform
AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module
leverages CVE-2024-31819, a vulnerability to
PHP Filter Chaining, to gain unauthenticated and unprivileged access, earning it
an attacker value of High on AttackerKB
2 min
Events
The Take Command Summit: A Day of Resilience and Preparation
The Take Command Summit is officially in the books. It was a day-long virtual
powerhouse of major voices and ultra-relevant topics from across the entire
cybersecurity spectrum. We are super proud of the event and grateful for all who
joined us for these important discussions.
At Rapid7 we are eager to have the critical conversations at the critical
moments and right now, the industry faces a great many challenges. From
ransomware to cloud security to building the best 24/7/365 security operat
10 min
Managed Detection and Response (MDR)
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments.
Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.
2 min
Research
Rapid7 Releases the 2024 Attack Intelligence Report
Today, during our Take Command Summit, we released our 2024 Attack Intelligence
Report, which pulls in expertise from our researchers, our detection and
response teams, and threat intelligence teams. The result is the clearest
picture yet of the expanding attack surface and the threats security
professionals face every day.
Since the end of 2020, we’ve seen a significant increase in zero-day
exploitation, ransomware attacks, and mass compro
3 min
Metasploit
Metasploit Wrap-Up 05/17/2024
LDAP Authentication Improvements
This week, in Metasploit v6.4.9, the team has added multiple improvements for
LDAP-related attacks. Two improvements relating to authentication are the new
support for Signing and Channel Binding.
Microsoft has been making changes
3 min
Events
See a Sneak Peek of Tuesday’s Take Command Summit
In just a few short days, some of the best minds in cybersecurity will come
together at Take Command to discuss the most pressing challenges and opportunities we face as an
industry. The sessions include in-depth discussions on attacker trends and
behaviors, a look into the Rapid7 SOC, top guest speakers with unique insights
into the cybersecurity
4 min
Artificial Intelligence
AI Trust Risk and Security Management: Why Tackle Them Now?
In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority.