All Posts

8 min Patch Tuesday

Patch Tuesday - September 2023

A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 8, 2023

New module content (4) Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: #18286 [https://github.com/rapid7/metasploit-framework/pull/18286] contributed by cudalac [https://github.com/cudalac] Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 [https://attackerkb.com/topics/He57FR8fB4/cve-2017-16651?referrer=blog] Description: This PR adds a module to retrieve an arbitrary file on hosts run

2 min Cloud Security

A Look at Our Development Process of the Cloud Resource Enrichment API

Rapid7 has developed a new Cloud Resource Enrichment API that streamlines data retrieval from various cloud resources.

4 min Vulnerability Disclosure

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.

2 min Metasploit

Metasploit Weekly Wrap-Up: Sep. 1, 2023

Pumpkin Spice Modules Here in the northern hemisphere, fall is on the way: leaves changing, the air growing crisp and cool, and some hackers changing the flavor of their caffeine. This release features a new exploit module targeting Apache NiFi as well as a new and improved library to interact with it. New module content (1) Apache NiFi H2 Connection String Remote Code Execution Authors: Matei "Mal" Badanoiu and h00die Type: Exploit Pull request: #18257 [https://github.com/rapid7/metasploit-fra

11 min Detection and Response

Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers

Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.

3 min Emergent Threat Response

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

7 min Penetration Testing

PenTales: What It’s Like on the Red Team

In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlighting some ways you can improve your own organization’s security.

5 min Velociraptor

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download.

7 min Emergent Threat Response

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.

3 min Metasploit

Metasploit Weekly Wrap-Up: Aug. 25, 2023

Power[shell]Point This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 [https://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog] in Chamilo versions 1.11.18 and below and CVE-2023-26469 [https://attackerkb.com/topics/RT7G6Vyw1L/cve-2023-26469?referrer=blog] in Jorani 1.0.0. Like CVE-2023-34960 [https://attackerkb.com/topics/VVJpMeSpUP/cve-2023-34960?referrer=blog], I, too, feel attacked by PowerPoint sometimes. We also have several impr

4 min Cloud Security

Why Your AWS Cloud Container Needs Client-Side Security

With complex network infrastructure and the need to deploy applications across various environments, cloud containers have become increasingly necessary.

3 min Vendor Consolidation

Three Security Vendor Consolidation Myths Debunked

While security vendor consolidation has many advantages, it’s clear that some myths about consolidation persist.

3 min Ransomware

Ransomware-as-a-Service Cheat Sheet

Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm. Learn how to protect your organization against RaaS attacks.

2 min Awards

Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection

Rapid7 is proud to announce we have received not one, but two prestigious SC Awards this year!