DAST
New Research: Optimizing DAST Vulnerability Triage with Deep Learning
In a new paper, Rapid7 data scientists outline a novel deep learning model to automatically prioritize application security vulnerabilities and reduce false positive friction.
MITRE ATT&CK
New MITRE Engenuity ATT&CK® Evaluation: Rapid7 MDR Excels
Rapid7 MDR was excited to participate in MITRE's inaugural evaluation. This evaluation was an opportunity to show a wider audience the early detection, accelerated action, and deep partnership engagement that Rapid7 MDR delivers to customers across the globe every day.
Vulnerability Management
Patch Tuesday - November 2022
Microsoft has patched the two zero-day vulnerabilities in Exchange from September, along with 67 new CVEs (4 of which are also zero-days). Most vulnerabilities this month affect Windows.
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).
Metasploit
Metasploit Weekly Wrap-Up: 11/4/22
C is for cookie
And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands.
This fake computer I just made says I’m an Admin
Metasploit’s zeroSteiner added a module to perform Role-based Constrained Delegation (RBCD) on an Active Directory network.
Emergent Threat Response
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.
Managed Detection and Response (MDR)
Go Inside Rapid7 MDR: Timelines and Tick Tocks
In this new eBook you’ll find real life examples of common threats handled end-to-end by Rapid7 MDR. You can check out the speed and accuracy with which our global SOC experts identify, contain, and respond to attacks.
Vulnerability Management
Common questions when evolving your VM program
A recent webinar led by two of Rapid7’s leaders, Peter Scott and Cindy Stanton, explored the specific challenges of managing the evolution of risk across traditional and cloud environments.
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to modify the data we've extracted.
Emergent Threat Response
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
The Rapid7 research team will update this blog post as we learn more details about this vulnerability and its attack surface area.
The OpenSSL project released version 3.0.7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602, two high-severity vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported by Polar Bear and Viktor Dukhovni. OpenSSL
7 Rapid Questions
7 Rapid Questions with Toshio Honda, Sr. Security Solutions Engineer
Rapid7 sat down with Senior Security Solutions Engineer, Toshio Honda, to discuss their career and time at Rapid7.
Metasploit
Metasploit Weekly Wrap-Up: Oct. 28, 2022
GLPI htmLawed PHP Command Injection
Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to vendor/htmlawed/htmlawed/htmLawedTest.php directly allows an attacker to execute exec() through the hhook and test parameters, resulting in unauthenticated RCE as the www
Security Operations (SOC)
How to Foster Talent in a Cybersecurity Skills Gap
It’s more about thoughtfully building a talent pipeline that benefits your specific organization and moves the needle for the company. The key word in that last sentence? Thoughtfully.
Risk Management
CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution
On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.