4 min
Metasploit
Metasploit Wrap-Up: Nov. 12, 2021
Four new modules, including Microsoft OMI local privilege escalation, and a Win32k local privilege escalation module for CVE-2021-40449, impacting Windows 10 x64 build 14393 and 17763
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4
In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.
2 min
Cloud Security
Time to Act: Bridging the Gap in Cloud Automation Adoption
An overwhelming majority of organizations recognize the value of the cloud, but not all have implemented cloud automation in their security program.
4 min
Public Policy
Update to GLBA Security Requirements for Financial Institutions
The FTC updated cybersecurity requirements for financial institutions under GLBA. This includes access controls, regular penetration testing and vulnerability scanning, and incident response, among other things. Here we'll detail the changes in comparison to the previous rule.
1 min
Emergent Threat Response
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.
3 min
Application Security
tCell by Rapid7 Supports the Newly Released .NET 6.0
We’re excited to share that we've coordinated our recent .NET and .NET Core agent releases with the brand new .NET 6.0 release from Microsoft.
1 min
Emergent Threat Response
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.
4 min
InsightIDR
InsightIDR Was XDR Before XDR Was Even a Thing: An Origin Story
With InsightIDR, you already have the capability to achieve XDR outcomes right now.
3 min
Application Security
OWASP Top 10 Deep Dive: Getting a Clear View on Vulnerable and Outdated Components
Outdated and vulnerable components have gone up three places in the OWASP Top 10. Here's why.
3 min
Metasploit
Metasploit Wrap-Up: 11/5/21
GitLab RCE
New Rapid7 team member jbaines-r7 wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to achieve this desired effect. The first vulnerability is in GitLab itself that can be leveraged to pass invalid image files to the ExifTool parser which contained the second v
1 min
Emergent Threat Response
New NPM library hijacks (coa and rc)
A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.
4 min
Cybersecurity
2022 Planning: The Path to Effective Cybersecurity Maturity
Achieving cybersecurity maturity isn't something you can do overnight — it requires a significant amount of planning, prioritizing, and coordinating across the business.
4 min
Emergent Threat Response
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing?
Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different languages—to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or secu
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3
The goal in this next phase of the IoT hacking exercise is to turn the console back on.
4 min
Detection and Response
Building Threat-Informed Defenses: Rapid7 Experts Share Their Thoughts on MITRE ATT&CK
Three members of Rapid7's Managed Detection and Response team tell us about their firsthand experience with MITRE's ATT&CK Matrix for Enterprise.