4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 10, 2023
Wowza, a new credential gatherer and login scanner!
This week Metasploit Framework gained a credential gatherer for Wowza Streaming
Engine Manager. Credentials for this application are stored in a file named
admin.password in a known location and the file is readable by default by
BUILTIN\Users on Windows and is world readable on Linux.. The module was written
by community contributor bcoles who also wrote a
login scanner for Wowza this week. The login scanner can b
1 min
Detection and Response
[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon
Jeffrey Gardner, D&R Practice Advisor and Stephen Davis, Lead D&R Sales Technical Advisor, discuss consolidation benefits and potential "gotchas".
4 min
Cloud Security
What Tech Companies Should Look For in Cloud Security
Learn from Temporal Technologies's Brandon Sherman and Ancestry's Tony Black about how today's tech's security teams can tackle cloudsec challenges.
4 min
Vulnerability Management
Vulnerability Management vs. Vulnerability Assessment
Vulnerability assessment (VA) and vulnerability management (VM) are two of the best ways to protect your enterprise against threats, but these terms are often used incorrectly
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/3/23
2022 Vulnerability Intelligence Report Released
Rapid7’s broader vulnerability research team released our 2022 Vulnerability
Intelligence Report
this week. The report includes Metasploit and research team data on
exploitation, exploitability, and vulnerability profiles that are intended to
help security teams understand and prioritize risk more effectively. Put simply,
secur
4 min
InsightCloudSec
New InsightCloudSec Compliance Pack: Key Takeaways From the Azure Security Benchmark V3
In this article, we look at the new Azure Security Benchmark V3 and identify some of the controls that we view as particularly impactful.
4 min
Emergent Threat Response
Active Exploitation of ZK Framework CVE-2022-36537
Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.
2 min
Cybersecurity
Executive Webinar: Confronting Security Fears to Control Cyber Risk
Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives create a positive cybersecurity culture.
2 min
Research
A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report
We’re excited to release Rapid7’s 2022 Vulnerability Intelligence Report—a deep dive into 50 of the most notable vulnerabilities our research team investigated throughout the year.
2 min
Metasploit
Metasploit Wrap-Up: 2/24/23
Basic discover script improvements
This week two improvements were made to the script/resource/basic_discovery.rc
resource script. The first update from community member samsepi0x0
allowed commas in the RHOSTS value, making it
easier to target multiple hosts. Additionally, adfoster-r7
improved the script by adding better handling
for error output. This continues our trend of trying to provide more useful
diagnostic information to
2 min
Managed Threat Complete
The Next Generation of Managed Detection and Response is Here
Managed Threat Complete: It’s always-on MDR plus unlimited vulnerability management with a single subscription.
2 min
Metasploit
Metasploit Wrap-Up: 2/17/23
Cisco RV Series Auth Bypass and Command Injection
Thanks to community contributor neterum , Metasploit
framework just gained an awesome new module which targets Cisco Small Business
RV Series Routers. The module actually exploits two vulnerabilities, an
authentication bypass CVE-2022-20705
and a
command injection vulnerability CVE-2022-20707
1 min
Rapid7 Culture
Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee
President Biden to appoint industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the National Security Telecommunications Advisory Committee.
2 min
Cloud Security
CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report
Cloud Security and IAM providers should consider prioritizing specific CIEM capabilities according to a new Gartner report.
8 min
Vulnerability Management
Patch Tuesday - February 2023
Microsoft has patched 72 CVEs, including three actively-exploited zero-days affecting Windows and Microsoft 365 for Enterprise.