Posts tagged Research

4 min Metasploit

Metasploit Wrap-Up

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource server itself? Well wait no more, as thanks to the work of Aaron Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson [https://www.linkedin.com/in/jonathan-p-004b76a1/], Will

2 min Metasploit

Metasploit Wrap-Up

Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker exec to make a request of the container. Execute an Image Please, Wordpress Community contributor Alexandre Zanni sent us a PR that uses native PHP functions to upload a file as an image attachment to Wo

2 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Rapid7 just released the third in our Industry Cyber-Exposure Report (ICER) series. We've slimmed down our research and reporting style, and this series focuses on five areas we believe that CISOs at mega-corporations actually have a shot at accomplishing.

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.

4 min Vulnerability Disclosure

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.

1 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350

We are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350.

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

2 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500

Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report (ICER) series.

2 min Research

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.

8 min National / Industry / Cloud Exposure Report (NICER)

NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS

Read on to learn more about the internet exposure of HTTP and HTTPS from our 2020 NICER Report.

5 min National / Industry / Cloud Exposure Report (NICER)

NICER Protocol Deep Dive: Internet Exposure of NTP

In the latest installment of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of NTP.

5 min National / Industry / Cloud Exposure Report (NICER)

NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS

In this edition of our NICER Protocol Deep Dive blog series, we'll take a closer look at the internet exposure of DNS-over-TLS.

6 min National / Industry / Cloud Exposure Report (NICER)

NICER Protocol Deep Dive: Internet Exposure of DNS

In this edition of our NICER Protocol Deep Dive blog series, we discuss the internet exposure of DNS.

3 min IoT

HaXmas Hardware Hacking

This HaXmas, I decided to dig around a little in Rapid7's library of IoT investigations that never really went anywhere, just to see which tools were used.

4 min Research

Rapid7 Labs’ 2020 Naughty List Summary Report to Santa

Your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe.