2 min
Career Development
7 Rapid Questions: Growing From BDR to Commercial Sales Manager With Maria Loughrey
For this installment of 7 Rapid Questions, we sat down with Maria Loughrey, Commercial Sales Manager for the UK and Ireland at our Reading, UK office.
4 min
Public Policy
New US Law to Require Cyber Incident Reports
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.
2 min
Emergent Threat Response
CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel
On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.
2 min
Cloud Security
3 Reasons to Join Rapid7’s Cloud Security Summit
Here are 3 reasons not to miss Rapid7’s third annual Cloud Security Summit, which we’ll be hosting this year on Tuesday, March 29.
8 min
Vulnerability Management
Patch Tuesday - March 2022
March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.
3 min
Vulnerability Management
InsightVM Scan Engine: Understanding MAC Address Discovery
When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 4, 2022
This week’s Metasploit Framework release brings us seven new modules.
IP Camera Exploitation
Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an attacker can upload and install an eap application which, when executed, will grant the attacker root privileg
4 min
Research
Graph Analysis of the Conti Ransomware Group Internal Chats
The leaked communications from the Conti ransomware group are a rich source of intelligence, and the messaging patterns provide even more insight.
42 min
Cybersecurity
Russia-Ukraine Cybersecurity Updates
This ongoing blog provides the need-to-know updates in cybersecurity and threat intelligence relating to the Russia-Ukraine conflict.
9 min
Threat Intel
The Top 5 Russian Cyber Threat Actors to Watch
These 5 threat actors are identified by our Threat Intelligence Research team as the most likely (i.e., highest risk) to carry out cyberattacks against European and US companies.
5 min
Vulnerability Disclosure
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
On February 25, 2022, GitLab published a fix for CVE-2021-4191, a now-patched vulnerability resulting from a missing authentication check.
2 min
Application Security
InsightAppSec GitHub Integration Keeps Risky Code From Reaching Production
The new GitHub Actions integration in InsightAppSec allows security and development teams to automate DAST as part of the CI/CD build pipeline workflow.
7 min
Ransomware
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
On February 27, Twitter user @ContiLeaks released a trove of chat logs from the sophisticated ransomware group, Conti.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 2/25/22
Exchange RCE
Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a misconfigured denylist that failed to prevent a serialized blob from being loaded resulting in code execution. While this is an authenticate
1 min
Emerging Threats
Russia/Ukraine Conflict: What Is Rapid7 Doing to Protect My Organization?
Rapid7 is monitoring the escalating conflict in Ukraine. To assist with your preparation and response efforts, Rapid7 is constantly making efforts to better protect our customers.