2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.
3 min
Vulnerability Management
Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know
On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.
9 min
Research
Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R
Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.
3 min
Research
Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know
Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.
3 min
Detection and Response
PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know
According to the PHP Extension and Application Repository (PEAR), a security breach had been found on the `pear.php.net` web server.
2 min
Research
Charting the Forthcoming PHPocalypse in 2019
This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.
5 min
Threat Intel
How Retailers Can Protect Against Magecart This Black Friday and Holiday Season
Online credit card-skimming malware Magecart is now a looming threat to nearly every retailer this Black Friday and throughout the rest of the holiday season (and beyond).
6 min
Vulnerability Management
CVE 100K: By The Numbers
There have been 100,000 CVEs published. Here are some stats on the program so far.
5 min
Vulnerability Management
Drupalgeddon Vulnerability: What is it? Are You Impacted?
First up: many thanks to Brent Cook [/author/brent-cook/], William Vu
[/author/william-vu/] and Matt Hand for their massive assistance in both the
Rapid7 research into “Drupalgeddon” and their contributions to this post.
Background on the Drupalgeddon vulnerability
The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28
) as SA-CORE-2018-002 [https://www.drupal.org/sa-core-2018-002]. The advisory
was released with a patch and CVE (CVE-2018-7600)
[https://www.rapid7.com/
3 min
Vulnerability Management
Cisco Smart Install (SMI) Remote Code Execution
What You Need To Know
Researchers from Embedi discovered
[https://web.archive.org/web/20180828224625/https://embedi.com/blog/cisco-smart-install-remote-code-execution/]
(and responsibly disclosed) a stack-based buffer overflow weakness in Cisco
Smart Install Client code which causes the devices to be susceptible to
arbitrary remote code execution without authentication.
Cisco Smart Install (SMI) is a “plug-and-play” configuration and
image-management feature that provides zero-touch deployment
4 min
Haxmas
Forget The Presents: HaXmas Is All About The [Gift] Certificates
2017 is nearly at an end, and most of the cybersecurity world is glad to see it
go. We've been plagued with a myriad of vulnerabilities, misconfigurations and
attacks that have kept many of us working harder than Santa's elves on December
23rd to ensure our systems and networks were not in harm's way.
The attacks may be over, but 2017 is not done "giving" just yet.
Earlier this year, the Google Chrome team announced their intent to deprecate
and remove trust in Symantec-issued certificates due
5 min
Vulnerability Management
INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
INTEL-SA-00086 vulnerabilities? What’s Up?
(Full update log at the end of the post as we make changes.)
Intel decided to talk turkey
[https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr]
this week about a cornucopia of vulnerabilities that external (i.e. non-Intel)
researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies
Research — discovered in their chips. Yes: chips. Intel conducted a
comprehensive review of their Intel® Management Engine
4 min
Vulnerability Management
The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know
JoltandBleed vulnerabilities? What’s Up?
Oracle recently issued emergency patches for five vulnerabilities:
* CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation
gives an attacker a chance to remotely read the memory of the server.
* CVE-2017-10267 is a vulnerability of stack overflows.
* CVE-2017-10278 is a vulnerability of heap overflows.
* CVE-2017-10266 is a vulnerability that makes it possible for a malicious
actor to bruteforce passwords of DomainPWD which i
3 min
Malware
The BadRabbit Ransomware Attack: What You Need To Know
What’s Up?
Rapid7 has been tracking reports of an expanding ransomware campaign dubbed
BadRabbit. Russian news outlets and other organizations across Europe have
reported being victims of this malware and the “outbreak” is continuing to
spread.
The BadRabbit attackers appear to have learned some lessons from previous
outbreaks earlier this year and have both limited the external spreading
capabilities of the ransomware as well as made the payments a bit harder for
researchers, responders and au
6 min
Vulnerability Management
The Wi-Fi KRACK Vulnerability: What You Need to Know
Everything you need to know about the recently disclosed KRACK vulnerability affecting Wi-Fi security protocols (WPA1 and WPA2).