2 min
Metasploit
Metasploit Wrap-Up 12/10/21
Word and Javascript are a rare duo.
Thanks to thesunRider . you too can experience
the wonder of this mystical duo. The sole new metasploit module this release
adds a file format attack to generate a very special document. By utilizing
Javascript embedded in a Word document to trigger a chain of events that slip
through various Windows facilities, a session as the user who opened the
document can be yours.
Do you like spiders?
It has been 3 years since SMB2 suppo
15 min
Emergent Threat Response
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.
3 min
Cloud Security
Stay Ahead of Threats With Cloud Workload Protection
Cloud workload protection (CWP) brings major structural changes to software development and enhances security across all processes.
3 min
Compliance
Simplifying Complex Cybersecurity Regulations
Cybersecurity regulations often require similar baseline security practices, even though the legislation may structure compliance requirements differently.
2 min
Application Security
A Dream Team-Up: Integrate InsightAppSec With ServiceNow ITSM
A brand-new integration between InsightAppSec and ServiceNow makes it easier to create tickets for vulnerability scans and remediation.
2 min
Emergent Threat Response
Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices
On December 7, 2021, Sonicwall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.
3 min
Detection and Response
Demystifying XDR: A Forrester Analyst Lays the Foundation
We sat down with Forrester Analyst Allie Mellen to discuss extended detection and response (XDR) and how organizations can benefit from this approach.
2 min
Emergent Threat Response
Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution
Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.
4 min
Ransomware
3 Strategies That Are More Productive Than Hack Back
Hack back, as used by non-government entities, is problematic for many reasons. Here are 3 alternative strategies to thwart the attackers.
2 min
Metasploit
Congrats to the Winners of the 2021 Metasploit Community CTF
Thanks to everyone who participated in this year's Metasploit community CTF! In this post, we're announcing the winners.
3 min
Cloud Security
Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud
Kubernetes Guardrails in InsightCloudSec help DevOps and security teams both realize the full benefits of cloud and container technologies.
3 min
Vulnerability Management
Deepfakes: A Nascent Cybersecurity Threat
There's one cybersecurity threat trend in particular we think is worth watching out for: deepfakes.
6 min
Cloud Security
InsightCloudSec Supports 12 New AWS Services Announced at re:Invent
The InsightCloudSec team has worked day and night for the last week to deliver support for a dozen of the new services that AWS rolled out at re:Invent.
2 min
Metasploit
Metasploit Wrap-Up: 12/3/21
Metasploit CTF 2021 starts today
It’s that time of year again! Time for the 2021 Metasploit Community CTF
. Earlier today over 1,100 users in more than 530 teams were registered and
opened for participation to solve this year’s 18 challenges. Next week a recap
and the winners will be announced, so stay tuned for more information.
Overlayfs LPE
This week Metasploit shipped an exploit for the recent Overla
2 min
Hacky Holidays 2021
Hacky Holidays From Rapid7! Announcing Our New Festive Blog Series
We're announcing a new name and fresh approach to our annual series of festively themed security content: Hacky Holidays!