All Posts

5 min Managed Detection and Response (MDR)

What’s New in Rapid7 Products & Services: Q1 2024 in Review

We kicked off 2024 with a continued focus on bringing security professionals the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence.

3 min Rapid7 Disclosure

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users.

4 min Career Development

Challenges Drive Career Growth: Meet Rudina Tafhasaj

Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards.

3 min Emergent Threat Response

Backdoored XZ Utils (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma).

3 min Metasploit

Metasploit Weekly Wrap-Up 03/29/2024

Metasploit adds three new exploit modules including an RCE for SharePoint.

10 min Malware

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections.

12 min Metasploit

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 [https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/] and the team has added many new features and improvements since then. For news reporters, please reach out to press@rapid7.com. Kerberos Improvements Metasploit 6.3 included initial support for Kerberos authentication within Metasploit and was one of the larger features i

2 min Metasploit

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1) OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: #18618 [https://github.com/rapid7/metasploit-framework/pull/18618] contributed by ErikWynter [https://github.com/ErikWynter] Path: linux/http/opennms_horizon_authenticated_rce AttackerKB reference: CVE-2023-0872 [https://attackerkb.com/search?q=CVE-2023-0872?referrer=blog] Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as t

2 min Research

Why The External Attack Surface Matters: An analysis into APAC related threat activities

Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.

9 min Research

The Updated APT Playbook: Tales from the Kimsuky threat actor group

Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.

2 min Vulnerability Management

Rapid7 offers continued vulnerability coverage in the face of NVD delays

Recently, the US National Institute of Standards and Technology (NIST) announced on the National Vulnerability Database (NVD) site [https://nvd.nist.gov/] that there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score, software products impacted by a CVE, information on the bug, patching status, etc. Since February 12th, 2024, NVD has largely stopped enriching vulnerabilities. Given the bro

2 min Metasploit

Metasploit Wrap-Up 03/15/2024

New module content (3) GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: #18716 [https://github.com/rapid7/metasploit-framework/pull/18716] contributed by h00die [https://github.com/h00die] Path: admin/http/gitlab_password_reset_account_takeover AttackerKB reference: CVE-2023-7028 [https://attackerkb.com/search?q=CVE-2023-7028?referrer=blog] Description: This adds an exploit module that leverages an account-take-over vulnerability to take contr

2 min Career Development

Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program

At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award.

8 min Vulnerability Management

Patch Tuesday - March 2024

No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.