4 min
Emergent Threat Response
Active Exploitation of VMware Horizon Servers
Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.
5 min
Security Operations
Metrics That Matter and Curtailing the Cobra Effect
Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
2 min
Career Development
7 Rapid Questions: Stephen Donnelly
For this installment of 7 Rapid Questions, we spoke with Stephen Donnelly, Rapid7's Senior Engineering Manager for SOAR in our Belfast office.
5 min
Hacky Holidays 2021
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.
4 min
Managed Detection and Response (MDR)
Evaluating MDR Vendors: A Pocket Buyer's Guide
Here are 4 big-picture questions to use as a quick-reference guide in the early stages of your MDR vendor selection journey.
6 min
IoT
A Quick Look at CES 2022
The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.
3 min
Application Security
A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell
We wanted to take a moment to recap some of InsightAppSec and tCell's Q4 highlights and give us all a little much-deserved break from the madness.
3 min
Detection and Response
Demystifying XDR: How Humans and Machines Join Forces in Threat Response
Finding the right balance between machine learning and human know-how is an essential part of a successful XDR implementation.
10 min
Patch Tuesday
Patch Tuesday - January 2022
The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947
10 min
Vulnerability Disclosure
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.
4 min
Hacky Holidays 2021
The 2021 Naughty and Nice Lists: Cybersecurity Edition
We asked some of our trusty cybersecurity go-to's who and what they'd place on their industry-specific naughty and nice lists, respectively, for 2021.
6 min
Log4Shell
Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale
Where do you begin to respond to a critical vulnerability like the one in Apache’s Log4j Java library (a.k.a. Log4Shell)? Start with these 5 concepts.
3 min
Metasploit
Metasploit Wrap-Up: Jan. 7, 2022
Dump Windows secrets from Active Directory
This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Directory Replication Service through RPC to retrieve data such as SIDs, password history, Domain user NTLM hashes
7 min
Threat Intel
What's New in Threat Intelligence: 2021 Year in Review
Last year marked a huge milestone with the acquisition of IntSights by Rapid7, and over the course of 2021, we continued to add value to our products.