1 min
Rapid7’s Mid-Year Threat Review
Rapid7’s 2023 Mid-Year Threat Review aggregates data and analysis from our vulnerability intelligence, managed services, and threat analytics teams to provide a mid-year snapshot of the attack landscape and give organizations actionable guidance on protecting themselves from common threats.
7 min
Vulnerability Management
What's New in CVSS v4
CVSS v4 ushers in some meaningful improvements wrapped in a bit of nuanced complexity, especially if you’re a vendor or threat researcher.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 11, 2023
A new Metabase RCE module, updates to the citrix_formssso_target_rce module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25 and 12.1-64.17, and more
9 min
Vulnerability Management
Patch Tuesday - August 2023
ASP.NET zero-day vuln. Teams malicious meetings. MSMQ critical RCE. Patches & a makeover for last month's unpatched zero-day vuln.
4 min
A Message from Rapid7 CEO, Corey Thomas
Earlier today, the following email was shared with Rapid7 employees.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 4, 2023
Fly High in the Sky With This New Cloud Exploit!
This week, a new module was added that takes advantage of both authentication bypass and command injection in certain versions of Western Digital's MyCloud hardware. Submitted by community member Erik Wynter, this module gains access to the target, attempts to bypass authentication, verifies whether that was successful, then executes the payload with root privileges. This works on versions before 2.30.196, and offer
3 min
Penetration Testing
Why Physical Social Engineering Engagements are an Important Part of Security
In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
2 min
Research
Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market
In "Security Implications from Improper De-acquisition of Medical Infusion Pumps," Rapid7 performs a physical and technical teardown of more than a dozen medical infusion pumps.
6 min
Vulnerability Disclosure
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).
5 min
Application Security
InsightAppSec Advanced Authentication Settings: Token Replacement
InsightAppSec Token Replacement can be used to capture and replay Bearer Authentication tokens, JWT Authentication tokens, or any other form of session token.
4 min
Cloud Security
New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0
The Center for Internet Security (CIS) recently released version two of their AWS Benchmark: CIS AWS Benchmark 2.0.0.
3 min
Cybersecurity
How To Present SecOps Metrics (The Right Way)
Metrics presentations can get boring. So, it is essential for security professionals to make them engaging. Here's how.
3 min
Metasploit
Metasploit Weekly Wrap-Up: July 28, 2023
Unauthenticated RCE in VMware Product
This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMware Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable (CVE-2023-20887). A remote attacker could abuse the Apache Thrift RPC interface by sending specially crafted data and get unauthe
4 min
Penetration Testing
PenTales: There Are Many Ways to Infiltrate the Cloud
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security.
Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance group. The test included looking at internal and external as
2 min
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.