3 min
Cloud Security
Rapid7 Introduces AI-driven Cloud Anomaly Detection
AWS Re:Invent, Amazon Web Services’ annual mega-conference will soon kick off in Las Vegas and there are sure to be a ton of new cloud security innovations, including Rapid7's new capability - Cloud Anomaly Detection.
1 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Nov. 17, 2023
Possible Web Service Removal
Metasploit has support for running with a local database, or from a remote web
service which can be initialized with msfdb init --component webservice. Future
versions of Metasploit Framework may remove the msfdb remote webservice. Users
that leverage this functionality are invited to react on an issue currently on
GitHub to inform
the maintainers that the feature is used.
New module content (1)
ZoneMind
3 min
Cloud Security
Manage Enterprise Risk at Scale with a Unified, Holistic Approach
The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage.
9 min
Patch Tuesday
Patch Tuesday - November 2023
Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.NET. Overall fewer patches than usual. cURL patch.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 11/10/23
Apache MQ and Three Cisco Modules in a Trenchcoat
This week’s release has a lot of new content and features modules targeting two
major recent vulnerabilities that got a great deal of attention: CVE-2023-46604
targeting Apache MQ
resulting in ransomware deployment and CVE-2023-20198 targeting Cisco IOS XE OS
1 min
Velociraptor
CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.
2 min
Cloud Security
Be Empathetic and Hug Your CISO More!
In the rapidly evolving landscape of cloud computing, the adoption of multi-cloud environments has become a prevailing trend. Organizations increasingly turn to multiple cloud providers to harness diverse features, prevent vendor lock-in, and optimize costs.
2 min
Artificial Intelligence
NEW RESEARCH: Artificial intelligence and Machine Learning Can Be Used to Stop DAST Attacks Before they Start
Artificial intelligence (AI) and machine learning (ML) can be used to thwart unwanted brute-force DAST attacks before they even begin.
3 min
Emergent Threat Response
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
6 min
Ransomware
GhostLocker - A “Work In Progress” RaaS
GhostSec, has introduced a novel Ransom-as-a-Service encryptor known as GhostLocker.
3 min
Azure
Setup of Discovery Connection Azure
Are you having trouble trying to get your Azure assets into your InsightVM security console? This blog will help you get started with assessing your Azure virtual machines in InsightVM.
6 min
Emergent Threat Response
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Daniel Lydon and Conor Quinn contributed attacker behavior insights to this
blog.
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing
exploitation of Atlassian Confluence in multiple customer environments,
including for ransomware deployment. We have confirmed that at least some of the
exploits are targeting CVE-2023-22518
2 min
Metasploit
Metasploit Weekly Wrap-Up: Nov. 3, 2023
PTT for DCSync
This week, community member smashery made an
improvement to the windows_secrets_dump module to enable it to dump domain
hashes using the DCSync method after having authenticated with a Kerberos
ticket. Now, if a user has a valid Kerberos ticket for a privileged account,
they can run the windows_secrets_dump module with the DOMAIN action and obtain
the desired information. No password required. This is particularly useful in
workflows involving the exp
4 min
Emergent Threat Response
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.
3 min
IoT
Is That Smart Home Technology Secure? Here’s How You Can Find Out.
I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.