8 min
Vulnerability Management
Patch Tuesday - October 2022
Microsoft has patched 96 CVEs, including zero-days affecting Windows and Office for Mac. The recent Exchange Server zero-days seen exploited in the wild remain unpatched.
5 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 7, 2022
Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support
This week brings a new and frequently requested feature to the Windows Meterpreter: the Beacon Object File loader. This new extension, bofloader, allows users to execute Beacon Object Files as written for either Cobalt Strike or Sliver. This extension was provided by a group effort among community members kev169, GuhnooPlusLinux, R0wdyJoe
2 min
Emergent Threat Response
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
On October 3, 2022, Fortinet released an update indicating that then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite that was discovered through active exploitation in the wild.
3 min
InsightIDR
What's New in InsightIDR: Q3 2022 in Review
This Q3 2022 recap post takes a look at some of the latest investments we've made to InsightIDR to drive detection and response forward.
6 min
Velociraptor
Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before
Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 30, 2022
Veritas Backup Exec Agent RCE
This module, kindly provided by c0rs, targets the Veritas Backup Exec Agent in order to gain RCE as the system/root user. The exploit itself is actually a chain of three separate CVEs (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878), which only makes it more impressive. While you're patching, why not take the time to test your backups too?
Hikvision IP Camera user impersonation
This vulnerability has been present in Hikvision products since 20
5 min
Emergent Threat Response
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.
1 min
Lost Bots
[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting
In this episode of The Lost Bots, our hosts dive into the practical side of getting your threat hunting efforts up and running.
4 min
Managed Detection and Response (MDR)
The Empty SOC Shop: Where Has All the Talent Gone?
Here's a closer look at some strategies you can use to address churn and staffing shortages in your security operations center (SOC).
3 min
Vulnerability Management
What’s New in InsightVM and Nexpose: Q3 2022 in Review
Let’s take a look at some of the key releases in InsightVM and Nexpose from Q3 2022.
4 min
SIEM
How to Deploy a SIEM That Actually Works
In this guest post, Rapid7 customer Robert Holzer shares three critical steps for a successful SIEM deployment.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 9/23/22
Have you built out that awesome media room?
If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member, h00die, added a module this week that uses a recently published vulnerability from H4RK3NZ0 to leverage an unprot
5 min
Threat Intel
Threat Intel Enhances Rapid7 XDR With Improved Visibility and Context
After the one-year milestone of Rapid7’s acquisition of IntSights, the added value threat intelligence brings to our product portfolio is unmistakable.
5 min
Detection and Response
Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity
Should your team adopt XDR, and if yes, how do you evaluate vendors to determine the best approach? This post takes a closer look.