4 min
Vulnerability Disclosure
Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)
A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.
4 min
Rapid7 Culture
Rapid7 Podcast Explores Hybrid-First Workplace Learnings
Rapid7 takes a hybrid-first workplace approach that balances flexibility and productivity with collaboration and optimizing for customer success.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/7/23
The tide rolls in and out.
The flood of new modules last week crested leaving ample time for documentation
updates this week. The team and the community seem to have focused on getting
those sweet sprinkles of information that help everyone understand Metasploit
out to the world.
Enhancements and features (1)
* #17458 from
steve-embling - Updates the
exploit/multi/misc/weblogic_deserialize_ba
1 min
Managed Detection and Response (MDR)
[The Lost Bots] S03E02: Finding unknowns, even spy balloons
Rapid7 Detection and Response Practice Advisor Jeffery Gardner and co-host Stephen Davis, Lead Technical Customer Advisor for MDR, discuss spy balloons and cybersecurity.
8 min
Vulnerability Management
Using InsightVM Remediation Projects To Ensure Accountability
In this blog, we look at two types of console-driven reports and two types of cloud-driven reports (projects)—and how you might use them.
7 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 31, 2023
5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support
3 min
Vulnerability Management
What’s New in InsightVM and Nexpose: Q1 2023 in Review
In Q1, we focused driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance.
5 min
Open Source
Velociraptor Version 0.6.8 Available Now
Velociraptor update delivers new client-server communication protocol, VFS GUI, and performance upgrades
4 min
Partners
Rapid7 Announces Partner of the Year Awards 2023 Winners
Rapid7 is proud to announce our Partner of the Year Award winners for 2023!
3 min
Emergent Threat Response
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information
as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels,
Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and
Christiaan Beek all contributed to this blog.
On Wednesday, March 29, 2023, multiple security firms issued
warnings
2 min
Cybersecurity
Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three
Get practical and actionable advice on how to implement a cyber target operating model that aligns with your business and reduces risk.
33 min
Vulnerability Disclosure
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues and coordinate this disclosure.
2 min
InsightIDR
What’s New in InsightIDR: Q1 2023 in Review
InsightIDR received a number of exciting updates in Q1 2023, including faster search, a redesigned UI, updated investigations, and more.
1 min
Emergent Threat Response
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Rapid7 is aware of at least one incident where a customer was compromised via CVE-2022-47986. We strongly recommend patching on an emergency basis.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/24/23
Zxyel Routers Beware
This week we've released a module written by first time community contributor
shr70 that can exploit roughly 45 different Zyxel
router and VPN models. The module exploits a buffer overflow vulnerability that
results in unauthenticated remote code execution on affected devices. It's rare
we see a module affect this many devices once and are excited to see this ship
in the framework. We hope pentesters and red-teamers alike can make good use of
this