2 min
Metasploit
Metasploit Weekly Wrap-Up
Ask and you may receive
Module suggestions [https://github.com/rapid7/metasploit-framework/issues/16522]
for the win: this week we see a new module written by jheysel-r7
[https://github.com/jheysel-r7] based on CVE-2022-26352
[https://attackerkb.com/topics/7i5Uf6JNl0/cve-2022-26352?referrer=blog] that
happens to have been suggested by jvoisin [https://github.com/jvoisin] in the
issue queue last month. This module targets an arbitrary file upload in dotCMS
[https://github.com/dotCMS/core.git] ve
7 min
Cloud Security
Cybersecurity Is More Than a Checklist: Joel Yonts on Tech’s Unfair Disadvantage
We sat down with seasoned security executive Joel Yonts to get his insights on today's best practices in security for tech companies.
11 min
Emergent Threat Response
Active Exploitation of Confluence CVE-2022-26134
On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Server and Data Center.
2 min
Detection and Response
The Average SIEM Deployment Takes 6 Months. Don’t Be Average.
If you’re part of the huge growth in demand for cloud-based SIEM, claim your copy of the new Gartner® Report: “How to Deploy a SIEM Solution Successfully.”
1 min
Emergent Threat Response
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.
4 min
Cybersecurity
3 Takeaways From the 2022 Verizon Data Breach Investigations Report
Our takeaways from Verizon's 2022 Breach Report suggest security pros should be doubling down on the big priorities, like ransomware and supply chain.
4 min
Metasploit
Metasploit Weekly Wrap-Up
PetitPotam Improvements
Metasploit’s Ruby support has been updated to allow anonymous authentication to
SMB servers. This is notably useful while exploiting the PetitPotam
vulnerability with Metasploit, which can be used to coerce a Domain Controller
to send an authentication attempt over SMB to other machines via MS-EFSRPC
methods:
msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10
[*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159
5 min
Career Development
The Forecast Is Flipped: Flipping L&D Enables Managers to Be Impact Multipliers
At Rapid7, we recognize that managers are at the heart of our mission and are central to optimizing the potential of our people.
5 min
Career Development
The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs
We asked two sales leaders who recently joined our team to tell us a little about themselves and why they chose Rapid7 as the next step in their journeys.
2 min
Security Nation
[Security Nation] Omer Akgul and Richard Roberts on YouTube VPN Ads
In this episode of Security Nation, Jen and Tod chat with academics Omer Akgul and Richard Roberts about their recent paper about VPN Ads on YouTube.
5 min
Cloud Security
What It Takes to Securely Scale Cloud Environments at Tech Companies Today
Here are three ways to help empower your teams to take advantage of the many benefits of public cloud infrastructure without sacrificing security.
7 min
Vulnerability Disclosure
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.
4 min
Ransomware
A Year on from the Ransomware Task Force Report
We're marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations to deter and respond to ransomware attacks.
7 min
Detection and Response
DFIR Without Limits: Moving Beyond the “Sucker's Choice” of Today’s Breach Response Services
Now, DFIR engagements are part of the core Managed Detection and Response service from Rapid7.
3 min
Metasploit
Metasploit Weekly Wrap-Up
Zyxel firewall unauthenticated command injection
This week, our very own Jake Baines [https://github.com/jbaines-r7] added an
exploit module that leverages CVE-2022-30525
[https://attackerkb.com/topics/LbcysnvxO2/cve-2022-30525?referrer=blog], an
unauthenticated remote command injection vulnerability in Zyxel firewalls with
zero touch provisioning (ZTP) support. Jake is also the author of the original
research and advisory
[https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-f