4 min
Cloud Security
3 Key Challenges for Cloud Identity and Access Management
Here are three of the main challenges that security teams face when implementing a cloud IAM solution, as well as some strategies to help tackle them.
7 min
Detection and Response
Rapid7 MDR Reduced Breaches by 90% via Greater Efficiency to Detect, Investigate, Respond to, and Remediate Breaches
No team can investigate every alert, but forging a valuable partnership with an MDR provider can provide near-immediate headcount extension to your SOC.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 7/8/22
DFSCoerce - Distributing more than just files
DFS (Distributed File System) is now distributing Net-NTLM credentials thanks to
Spencer McIntyre with a new
auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how
it functions. Note that unlike PetitPotam, this technique does require a normal
domain user’s credentials to work.
The following shows the workflow for targeting a 64-bit Windows Server 2019
domain controller. Metasploit is hostin
2 min
Research
Today’s SOC Strategies Will Soon Be Inadequate
New research sponsored by Rapid7 explores the momentum behind SOC modernization and the role extended detection and response (XDR) plays.
5 min
Security Strategy
How to Build and Enable a Cyber Target Operating Model
In a recent webinar, Rapid7's EMEA CTO Jason Hart explained the journey to a targeted operating cybersecurity model.
2 min
Emergent Threat Response
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.
3 min
Ransomware
For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus
We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.
3 min
Detection and Response
What's New in InsightIDR: Q2 2022 in Review
Here's a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization.
5 min
Cloud Security
Cloud Complexity Requires a Unified Approach to Assessing Risk
As organizations move to the public cloud, there is an increasing need for a security strategy that aligns with the varied states of cloud maturity.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Jul. 1, 2022
SAMR Auxiliary Module
A new SAMR auxiliary module has been added that allows users to add, look up, and
delete computer accounts from an AD domain. This should be useful for pentesters
on engagements who need to create an AD account to gain an initial foothold into
the domain for lateral movement attacks, or who need to use this functionality
as an attack primitive.
Note when using this module that there is a standard number of computers a user
can add, so be wary that you may get STATUS_DS_MACH
2 min
Career Development
Rapid7 Belfast Recognized for “Company Connection” During COVID-19 Pandemic
Irish News has recognized Rapid7 in its Workplace and Employment Awards, where we’ve taken home the trophy for Best Company Connection.
1 min
Lost Bots
[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes
In the first installment of Season 2 of The Lost Bots, hosts Jeffrey Gardner and Stephen Davis give us their 5 pillars of success for SIEM deployment.
3 min
Application Security
Application Security in 2022: Where Are We Now?
When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.
3 min
Ransomware
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.
5 min
Vulnerability Disclosure
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.