3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
New modules for Jira user enumeration, Git Remote Code execution via git-lfs, Geutebruck Camera post exploitation module, and unauthenticated RCE in elFinder PHP application
3 min
Detection and Response
SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal
The SANS Institute has conducted its sixth annual Threat Hunting Survey. Read this post for a preview of the survey's findings and its takeaways.
5 min
Ransomware
The Ransomware Killchain: How It Works, and How to Protect Your Systems
How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.
1 min
Security Nation
[Security Nation] Craig Williams of Cisco Talos on Proxyware
In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way.
4 min
Cloud Security
OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability
On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).
7 min
Patch Tuesday
Patch Tuesday - September 2021
Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here’s three big things you can go patch right now.
1 min
Lost Bots
[The Lost Bots] Episode 5: Insider Threat
In this episode of The Lost Bots, we’re joined by Alan Foster (Manager, Domain Engineers) to discuss insider threats.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
Confluence Server OGNL Injection
Our own wvu [https://github.com/wvu-r7] along with Jang
[https://twitter.com/testanull] added a module that exploits an OGNL injection (
CVE-2021-26804
[https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection]
)in Atlassian Confluence's WebWork component to execute commands as the Tomcat
user. CVE-2021-26804 is a critical remote code execution vulnerability in
Confluence Server and Confluence Data Center and is actively being expl
8 min
Ransomware
The Rise of Disruptive Ransomware Attacks: A Call To Action
Ransomware attacks are on the rise. In this post, we examine the dynamics of this trend and where it might be headed.
2 min
Cloud Security
Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report
The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.
4 min
Detection and Response
Security at Scale in the Open-Source Supply Chain
Securing supply chains based on open-source software requires scalable vulnerability management and vigilant monitoring.
6 min
Vulnerability Disclosure
CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)
Rapid7 researchers discovered that the Akkadian Console version 4.7, a call manager solution, is affected by two vulnerabilities.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up
A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
2 min
Emergent Threat Response
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.