All Posts

5 min Security Strategy

How to Build and Enable a Cyber Target Operating Model

In a recent webinar, Rapid7's EMEA CTO Jason Hart explained the journey to a targeted operating cybersecurity model.

2 min Emergent Threat Response

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.

3 min Ransomware

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.

3 min Security Nation

[Security Nation] Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge

In this episode of Security Nation, Jen and Tod are joined again by Pete Cooper and Irene Pontisso of the UK Cabinet Office for a follow-up on the cybersecurity culture challenge they launched in 2021.

3 min Detection and Response

What's New in InsightIDR: Q2 2022 in Review

Here's a look at some of the latest investments we've made to InsightIDR to drive detection and response forward for your organization.

5 min Cloud Security

Cloud Complexity Requires a Unified Approach to Assessing Risk

As organizations move to the public cloud, there is an increasing need for a security strategy that aligns with the varied states of cloud maturity.

2 min Metasploit

Metasploit Weekly Wrap-Up

SAMR Auxiliary Module: A new SAMR auxiliary module has been added that allows users to add, look up, and delete computer accounts from an AD domain. This should be useful for pentesters on engagements who need to create an AD account to gain an initial foothold into the domain for lateral movement attacks, or who need to use this functionality as an attack primitive. Note when using this module that there is a standard number of computers a user can add, so be wary that you may get STATUS_DS_MACH

2 min Career Development

Rapid7 Belfast Recognized for “Company Connection” During COVID-19 Pandemic

Irish News has recognized Rapid7 in its Workplace and Employment Awards, where we’ve taken home the trophy for Best Company Connection.

1 min Lost Bots

[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes

In the first installment of Season 2 of The Lost Bots, hosts Jeffrey Gardner and Stephen Davis give us their 5 pillars of success for SIEM deployment.

3 min Application Security

Application Security in 2022: Where Are We Now?

When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.

3 min Ransomware

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.

5 min Vulnerability Disclosure

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.

4 min Application Security

API Security: Best Practices for a Changing Attack Surface

APIs have become a large part of the application attack surface, making API security a critical consideration.

2 min Metasploit

Metasploit Weekly Wrap-Up

Add Windows target support for the Confluence OGNL injection module: Improves the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets. This new target can be used to run payloads in memory with PowerShell using the new payload adapters or drop an executable to disk. Once a Meterpreter session is obtained, getsystem can be used to escalate to NT AUTHORITY\SYSTEM using the RPCSS technique (#5) since the Confluence service runs as NETWORK SERVICE by

4 min Detection and Response

Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever

Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool.