3 min Emergent Threat Response

Multiple Vulnerabilities in Common Unix Printing System (CUPS)

Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.

4 min InsightCloudSec

Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 and Azure DevOps

We recognize this critical need and have added a new integration for InsightCloudSec (ICS) and Exposure Command with Azure DevOps for Infrastructure as Code (IaC) tooling, empowering organizations to quickly and effectively safeguard their attack surfaces.

4 min Forrester Wave

Rapid7 Recognized in Forrester’s 2024 Attack Surface Management (ASM) Wave Report

This week, Rapid7 was recognized as a Contender in Forrester’s 2024 Attack Surface Management (ASM) Wave report.

2 min Gartner

Three Recommendations for Creating a Risk-Based Detection and Response Program

In a report released earlier this summer, Gartner analysts offer three recommendations for fostering an environment of risk-based threat detection, investigation, and response that includes a deeper understanding of your organization’s risk profile by more than just the security team.

2 min Managed Detection and Response (MDR)

Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem

Our Rapid7 MXDR service has always been built on InsightIDR, our native SIEM and XDR technology, operationalizing telemetry across the customer environment: endpoint, cloud, identity, and network.

2 min Metasploit

Metasploit Weekly Wrap-Up 09/20/2024

New module content (3)

update-motd.d Persistence
Author: Julien Voisin
Type: Exploit
Pull request: #19454 contributed by jvoisin
Path: linux/local/motd_persistence
Description: This adds a post module to keep persistence on a Linux target by writing a motd bash script triggered with root privileges every time a user logs into the system

3 min Emergent Threat Response

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.

6 min Attack Surface Security

Help, I can’t see! A Primer for Attack Surface Management Blog Series

In this series, we will explore the critical challenges and solutions associated with Attack Surface Management (ASM), a vital aspect of modern cybersecurity strategy.

3 min Vector Command

Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming

Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis.

2 min Metasploit

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules

This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements.

New module content (2)

SPIP BigUp Plugin Unauthenticated RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec
Type: Exploit
Pull request: #19444 contributed by Chocapikk
Pat

4 min Gartner

The Growing Importance of Exposure Management: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024

The Gartner® Hype Cycle™ for Security Operations, 2024 was published in late July, and is an interesting look at the dynamic nature of both the threat landscape and the diverse range of technologies that security & risk management (SRM) professionals use to safeguard their organizations.

4 min Labs

Ransomware Groups Demystified: Lynx Ransomware

As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them.

10 min Patch Tuesday

Patch Tuesday - September 2024

4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.

4 min InsightIDR

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment.

2 min Emergent Threat Response

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

CVE-2024-40766 is a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. As of September 9, 2024, Rapid7 is aware of several recent incidents in which SonicWall SSLVPN accounts were targeted or compromised.