2 min
Metasploit
Metasploit Weekly Wrap Up: July 21, 2023
This week's weekly wrapup includes two new Metasploit modules - Piwigo Gather Credentials via SQL Injection ( CVE-2023-26876 ) and Openfire authentication bypass with RCE plugin (CVE-2023-32315)
3 min
Penetration Testing
PenTales: Testing Security Health for a Healthcare Company
At Rapid7 we love a good pen test story. So often they show the cleverness,
skill, resilience, and dedication to our customer’s security that can only come
from actively trying to break it! In this series, we’re going to share some of
our favorite tales from the pen test desk and hopefully highlight some ways you
can improve your own organization’s security.
Rapid7 was tasked with testing a provider website in the healthcare industry.
Providers had the ability on the website to apply for jobs
1 min
Threat Intel
The Japanese Technology and Media Attack Landscape
Recently, we released a major report analyzing the threat landscape of Japan,
the globe’s third largest economy. In that report we looked at the ways in which
threat actors infiltrate Japanese companies (spoiler alert: it is often through
foreign subsidiaries and affiliates) and some of the most pervasive threats
those companies face such as ransomware and state-sponsored threat actors.
We also took a look at some of the hardest hit industries and it should come as
no surprise that some of the
5 min
Vulnerability Disclosure
CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.
2 min
Emergent Threat Response
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
3 min
Cloud Security
Managing Risk Across Hybrid Environments with Executive Risk View
As attack surfaces continue to expand, security teams must evolve the scope and approach of their vulnerability management programs.
4 min
Emergent Threat Response
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
1 min
Lost Bots
[Lost Bots] S03 E04 A Security Leader’s Playbook for the C-suite
In a special two-part “Lost Bots,” hosts Jeffrey Gardner and Stephen Davis talk about presenting cybersecurity results up the org chart.
2 min
Metasploit
Metasploit Weekly Wrap-Up: July 14, 2023
Authentication bypass in Wordpress Plugin WooCommerce Payments
This week's Metasploit release includes a module for CVE-2023-28121 by h00die
. This module can be used against any wordpress
instance that uses WooCommerce payments < 5.6.1. This module exploits an auth
by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a
header to execute the bypass and use the API to create a new admin user in
Wordpress.
New module content (3)
Wordpress Plugin
1 min
Financial Services
The Japanese Financial Services Attack Landscape
We looked at the ways in which threat actors infiltrate Japanese companies (spoiler alert: it is often through foreign subsidiaries and affiliates) and some of the most pervasive threats those companies face such as ransomware and state-sponsored threat actors.
6 min
Penetration Testing
PenTales: Old Vulnerabilities, New Tricks
At Rapid7 we love a good pentest story. So often they show the cleverness,
skill, resilience, and dedication to our customer’s security that can only come
from actively trying to break it! In this series, we’re going to share some of
our favorite tales from the pen test desk and hopefully highlight some ways you
can improve your own organization’s security.
This engagement began like any other Internal Network Penetration test
. I follo
8 min
Research
Old Blackmoon Trojan, NEW Monetization Approach
Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.
2 min
Emergent Threat Response
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.
12 min
Vulnerability Management
Patch Tuesday - July 2023
Five zero-day vulns, including an Office maldoc attack with no patch yet and a SmartScreen bypass. Eight critical RCEs, and 130 total vulns. Busier than recent months.
7 min
Vulnerability Disclosure
CVE-2023-29298: Adobe ColdFusion Access Control Bypass
Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.