Posts tagged Research

2 min Quarterly Threat Report

Rapid7 Quarterly Threat Report: 2020 Q1

In this blog, we break down some of the top findings and highlights from the Rapid7 Quarterly Threat Report: 2020 Q1.
11 min Research

The Masked SYNger: Investigating a Traffic Phenomenon

At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.
4 min Vulnerability Management

May 2020 Cisco Remote Vulnerabilities Guidance

Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.

5 min Research

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.
3 min Vulnerability Risk Management

Meet AttackerKB

Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
7 min Microsoft

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

2 min Quarterly Threat Report

Rapid7 2020 Threat Report: Exposing Common Attacker Trends

In this blog, we break-down the three key sections of the newly-released Rapid7 2020 Threat Report.
5 min Events

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

As our team discussed our traditional RSA round-up blog, we started to wonder how easy it would be to predict those key themes before the conference even kicked off.

5 min Research

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?
22 min Research

DOUBLEPULSAR RCE 2: An RDP Story

In this sequel, wvu [https://github.com/wvu-r7] recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR implant's lesser-known RDP variant. If you're unfamiliar with the more common SMB variant, you can read our blog post [/2019/10/02/open-source-command-and-control-of-the-doublepulsar-implant/] detailing how we achieved RCE with it. Table of Contents 0. Background 1. Extracting the implant 2. Installing the implant 3. Pinging the implant 4.

4 min Research

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.

11 min Research

Election Security: What You Need to Know

In this blog, we break down everything you need to know about the collection of security challenges throughout elections.
9 min Research

Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?

The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.
3 min Haxmas

Don't Spread This Holiday Cheer: How to Secure Your Leftover Technology

When you get your new gizmos and gadgets, how can you make sure your old tech is properly handled so your personal data stays safe?

4 min Research

Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know

Cisco released Field Notice 70489 this week making owners of a wide range of Cisco devices of an impending certificate expiration issue.

Popular Topics

Tags