4 min
Application Security
API Security: Best Practices for a Changing Attack Surface
APIs have become a large part of the application attack surface, making API security a critical consideration.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/24/22
Add Windows target support for the Confluence OGNL injection module
Improves the exploit/multi/http/atlassian_confluence_namespace_ognl_injection
module to support Windows server targets. This new target can be used to run
payloads in memory with Powershell using the new payload adapters or drop an
executable to disk. Once a Meterpreter session is obtained, getsystem can be
used to escalate to NT AUTHORITY\SYSTEM using the RPCSS technique (#5) since
Confluence service runs as NETWORK SERVICE by
4 min
Detection and Response
Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever
Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool.
4 min
Vulnerability Disclosure
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.
2 min
Awards
Two Rapid7 Solutions Take Top Honors at SC Awards Europe
We are pleased to announce that two Rapid7 solutions were recognized on Tuesday, June 21, at the prestigious SC Awards Europe.
6 min
Detection and Response
Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction
A Forrester Consulting study commissioned by Rapid7 found our MDR service delivered an estimated 549% return on investment over 3 years.
4 min
Cloud Security
How to Secure App Development in the Cloud, With Tips From Gartner
New Gartner research highlights how to keep your cloud applications safe without resorting to a patchwork of overlapping tools and services.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Jun. 17, 2022
vCenter Secret Extracter
Expanding on the work of the vcenter_forge_saml_token auxiliary module,
community contributor npm-cesium137-io has
added a new module for extracting the vmdir/vmafd certificates, the IdP keypair,
the VMCA root cert, and anything from vmafd that has a private key associated,
from an offline copy of the services database. This information can then be used
with the vcenter_forge_saml_token module to gain a session cookie that grants
acc
4 min
Cybersecurity
4 Strategies to Help Your Cybersecurity Budget Work Harder
Cybersecurity is a growing concern for organisations across all industries, and budget requests are increasing as a result.
1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
5 min
Events
Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022
Here's a closer look at what two Rapid7 presentations from RSAC 2022 had to say about security in a cloud-native world.
4 min
Ransomware
New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers
"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.
3 min
Ransomware
Complimentary GartnerⓇ Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition
The complimentary GartnerⓇ report "How to Respond to the 2022 Cyberthreat Landscape" will help you understand and defend against the ransomware threat.
6 min
Patch Tuesday
Patch Tuesday - June 2022
Patches for Follina, more NFS and LDAP vulnerabilities, and the beginning of the end for IE11.
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.