5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.
3 min
Vulnerability Management
Adapting existing VM programs to regain control
From elevated expectations, processes, and tooling to pressured budgets, the scale and complexity involved have made identifying and addressing vulnerabilities in cloud applications and the infrastructure that supports them a seemingly impossible task.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 10/21/22
Zimbra with Postfix LPE (CVE-2022-3569)
This week rbowes added an LPE exploit for Zimbra with Postfix. The exploit leverages a vulnerability whereby the Zimbra user can run postfix as root, which in turn is capable of executing arbitrary shell scripts. This can be abused for reliable privilege escalation from the context of the zimbra service account to root. As of this time, this vulnerability remains unpatched.
Zimbra RCE (CVE-2022-41352)
rbowes
3 min
Research
New Research: We’re Still Terrible at Passwords; Making it Easy for Attackers
We look at two of the most popular protocols used for remote administration, SSH and RDP, to get a sense of how attackers are taking advantage of weaker password management to gain access to systems.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.
2 min
Cloud Security
Emerging best practices for securing cloud-native environments
As technology evolves and threats change rapidly, organizations that stay abreast of the latest developments, trends, and industry standards tend to have fewer security risks than those that don't.
8 min
Vulnerability Disclosure
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause.
On June 27, 2022, Citrix released an advisory for CVE-2022-27511 and CVE-2022-27512, which affect Citrix ADM (Application Del
3 min
Emergent Threat Response
CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged.
CVE-2022-42889, which some have begun calling “Text4Shell,”
2 min
IoT
Addressing the Evolving Attack Surface Part 1: Modern Challenges
In this webcast, Cindy Stanton highlights how the industry started with traditional vulnerability management, which focused on infrastructure, and how it has evolved significantly over the last couple of years.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/14/22
Remote code execution modules for Spring Cloud Function and pfSense, plus bug fixes for the Windows secrets dump module.
4 min
Cloud Security
Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Today almost all cloud users, roles, and identities are overly permissive. To minimize risk, you need to adopt the principle of least privilege access.
3 min
InsightIDR
A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR
At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.
3 min
Security Operations (SOC)
The Intelligent Listing: Cybersecurity Job Descriptions That Deliver
Modern job descriptions cause a lot of eye-rolling. What used to be a couple of paragraphs is now filled with a laundry list of too many "requirements."
5 min
Gartner
Rapid7 Recognized in the 2022 Gartner® Magic Quadrant™ for SIEM
Rapid7 is proud to represent the huge number of security teams out there today that don’t have time to do it all, but are asked to do it anyway.
5 min
Cloud Security
Real-Time Risk Mitigation in Google Cloud Platform
With Google Cloud Next happening this week, there’s been some recent water cooler talk about what makes Google Cloud Platform unique when it comes to security.