Metasploit
Metasploit Weekly Wrap-Up: 11/15/22
2 new modules targeting F5 devices, DuckyScript support, bug fixes, and more
Cloud Security
Aligning to AWS Foundational Security Best Practices With InsightCloudSec
When an organization moves its IT infrastructure to the cloud or expands with net-new investment, one of the hardest tasks for the security team is identifying the proper security policies and controls to keep its cloud environments secure and the applications and sensitive data they host safe.
InsightIDR
Search Made Easy: InsightIDR’s Secret Weapon for Efficiency and Efficacy
InsightIDR has lots of features that have enabled my organization to identify and respond more easily to threats. In this blog post, I’m going to share some insight into my favorite – InsightIDR’s Log Search function.
Metasploit
Metasploit Weekly Wrap-Up: 11/18/22
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream
(CVE-2021-39144)
There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX Manager using XStream. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMwa
InsightCloudSec
Better Cloud Security Shouldn’t Require Bigger Budgets
When security budgets don’t match the pace of the cloud operations they’re tasked with securing, the only thing to do is become an expert in the stretch. It’s hard, and you might currently be under increasing stress to pull it all off.
Cloud Security
Rapid7 and HashiCorp Partner to Secure Terraform-based Cloud Infrastructure Deployments
In the latest installment in our cloud security “shift-left” blog series, we discuss Rapid7’s recent partnership with HashiCorp, ongoing support for scanning Terraform plans with our IaC security feature, and the recently released integration with Terraform Cloud & Enterprise run tasks.
Application Security
Rapid7 Takes Home 2 Awards and a Highly Commended Recognition at the 2022 Belfast Telegraph IT Awards
Rapid7 was honored at the Belfast Telegraph's annual IT Awards on Friday, taking home a pair of awards, including the coveted “Best Place to Work in IT” award in the large company category and the “Cyber Security Project of the Year” award.
Vulnerability Disclosure
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.
InsightConnect
How to Develop a SOAR Workflow to Automate a Critical Daily Task
In this blog post, I’ll provide an overview of my experience developing a URL Blocking workflow to fit my organization’s specific needs – and perhaps those of your organization as well!
Emergent Threat Response
CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities
On November 8, 2022, Citrix published the Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, announcing fixes for three vulnerabilities:
* CVE-2022-27510
“Unauthorized access to Gateway user capabilities”
* CVE-2022-27513
Application Security
GraphQL Security: The Next Evolution in API Protection
GraphQL allows the user to query specific data from a GraphQL schema and return precise results.
Metasploit
Metasploit Weekly Wrap-Up: 11/11/22
ADCS - ESC Vulnerable certificate template finder
Our very own Grant Willcox has developed a new module which allows users to query an LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module prints the details of each detected certificate template and the attack it is susceptible to. This module is capable of checking for ESC1, ESC2, and ESC3 vulnerable certificate templates.
Example module output showing an identified vulnerable certificate template:
msf6 auxiliar
Emergent Threat Response
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
The CVE-2022-3786 and CVE-2022-3602 vulnerabilities affecting OpenSSL 3.0.x both rely on a maliciously crafted email address in a certificate.
Security Operations (SOC)
Culture Fitness
Companies all over the world tout their positive cultures and how great it is to be part of the team. But what a shrewd potential hire should really be looking for is a culture with true depth, not just a social media presence.
Cloud Security
Cloud Security: Buyer Be Critical
Explore how to make the best case for more – or any – cloud security at your company, plus get a handy checklist to use when looking into a potential solution. Get started now with the 2022 edition of The Complete Cloud Security Buyer’s Guide from Rapid7.