Posts tagged Research

4 min Research

CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.

4 min Research

CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)

On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.

8 min Research

Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip

In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.

4 min Research

Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity

Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.

7 min Research

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.

7 min Vulnerability Disclosure

CVE-2022-1026: Kyocera Net View Address Book Exposure

Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.

4 min Research

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.

5 min Russia-Ukraine Conflict

8 Tips for Securing Networks When Time Is Scarce

In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.

4 min Research

Cloud Pentesting, Pt. 1: Breaking Down the Basics

More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?

4 min Research

Graph Analysis of the Conti Ransomware Group Internal Chats

The leaked communications from the Conti ransomware group are a rich source of intelligence, and the messaging patterns provide even more insight.

5 min Vulnerability Disclosure

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, a now-patched vulnerability resulting from a missing authentication check.

7 min Ransomware

Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict

On February 27, Twitter user @ContiLeaks released a trove of chat logs from the sophisticated ransomware group, Conti.

6 min Log4Shell

Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal

On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.

4 min Public Policy

Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict

Fending off an attack from a well-resourced nation state is a nightmare scenario for cybersecurity teams. Here are some steps your organization can take to bolster its defenses.

14 min Research

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.