[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team
We asked four Rapid7 team members to tell us a little bit about their RSAC 2022 experience.
The Hidden Harm of Silent Patches
Silent patches limit who understands how to exploit a vulnerability, which sounds like a great plan — but there's a catch.
Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza
Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution.
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.
A Year on from the Ransomware Task Force Report
We're marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations to deter and respond to ransomware attacks
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.
[Infographic] Cloud Misconfigurations: Don't Become a Breach Statistic
Our latest infographic highlights some key commonalities uncovered in our 2022 Cloud Misconfigurations Report.
2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends
In the 2022 Cloud Misconfigurations Report, we reviewed 68 accounts of breaches from 2021. Let's take a brief look at some of the findings.
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.