All Posts

2 min Metasploit

Metasploit Weekly Wrap-Up

Ask and you may receive Module suggestions [https://github.com/rapid7/metasploit-framework/issues/16522] for the win, this week we see a new module written by jheysel-r7 [https://github.com/jheysel-r7] based on CVE-2022-26352 [https://attackerkb.com/topics/7i5Uf6JNl0/cve-2022-26352?referrer=blog] that happens to have been suggested by jvoisin [https://github.com/jvoisin] in the issue queue last month. This module targets an arbitrary file upload in dotCMS [https://github.com/dotCMS/core.git] ve

7 min Cloud Security

Cybersecurity Is More Than a Checklist: Joel Yonts on Tech’s Unfair Disadvantage

We sat down with seasoned security executive Joel Yonts to gets his insights on today's best practices in security for tech companies.

11 min Emergent Threat Response

Active Exploitation of Confluence CVE-2022-26134

On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Serve and Data Center.

2 min Detection and Response

The Average SIEM Deployment Takes 6 Months. Don’t Be Average.

If you’re part of the huge growth in demand for cloud-based SIEM, claim your copy of the new Gartner® Report: “How to Deploy a SIEM Solution Successfully.”

1 min Emergent Threat Response

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.

4 min Cybersecurity

3 Takeaways From the 2022 Verizon Data Breach Investigations Report

Our takeaways from Verizon's 2022 Breach Report suggest security pros should be doubling down on the big priorities, like ransomware and supply chain.

4 min Metasploit

Metasploit Weekly Wrap-Up

PetitPotam Improvements Metasploit’s Ruby support has been updated to allow anonymous authentication to SMB servers. This is notably useful while exploiting the PetitPotam vulnerability with Metasploit, which can be used to coerce a Domain Controller to send an authentication attempt over SMB to other machines via MS-EFSRPC methods: msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10 [*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159

5 min Career Development

The Forecast Is Flipped: Flipping L&D Enables Managers to Be Impact Multipliers

At Rapid7, we recognize that managers are at the heart of our mission and are central to optimizing the potential of our people.

5 min Career Development

The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs

We asked two sales leaders who recently joined our team to tell us a little about themselves and why they chose Rapid7 as the next step in their journeys.

2 min Security Nation

[Security Nation] Omer Akgul and Richard Roberts on YouTube VPN Ads

In this episode of Security Nation, Jen and Tod chat with academics Omer Akgul and Richard Roberts about their recent paper about VPN Ads on YouTube.

5 min Cloud Security

What It Takes to Securely Scale Cloud Environments at Tech Companies Today

Here are three ways to help empower your teams to take advantage of the many benefits of public cloud infrastructure without sacrificing security.

7 min Vulnerability Disclosure

CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)

A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.

4 min Ransomware

A Year on from the Ransomware Task Force Report

We're marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations to deter and respond to ransomware attacks

7 min Detection and Response

DFIR Without Limits: Moving Beyond the “Sucker's Choice” of Today’s Breach Response Services

Now, DFIR engagements are part of the core Managed Detection and Response service from Rapid7.

3 min Metasploit

Metasploit Weekly Wrap-Up

Zyxel firewall unauthenticated command injection This week, our very own Jake Baines [https://github.com/jbaines-r7] added an exploit module that leverages CVE-2022-30525 [https://attackerkb.com/topics/LbcysnvxO2/cve-2022-30525?referrer=blog], an unauthenticated remote command injection vulnerability in Zyxel firewalls with zero touch provisioning (ZTP) support. Jake is also the author of the original research and advisory [https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-f