Posts tagged Vulnerability Management

7 min Patch Tuesday

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here’s three big things you can go patch right now.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu [https://github.com/wvu-r7] along with Jang [https://twitter.com/testanull] added a module that exploits an OGNL injection ( CVE-2021-26804 [https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection] )in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and Confluence Data Center and is actively being expl

4 min Detection and Response

Security at Scale in the Open-Source Supply Chain

Securing supply chains based on open-source software requires scalable vulnerability management and vigilant monitoring.

6 min Vulnerability Disclosure

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Rapid7 researchers discovered that the Akkadian Console version 4.7, a call manager solution, is affected by two vulnerabilities.

4 min Vulnerability Disclosure

CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities

Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.

4 min Cybersecurity

Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings

To help fend off network compromise events and curb breach sales, we decided to analyze why and how criminals sell their network access.

5 min Cybersecurity

Fortinet FortiWeb OS Command Injection

An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.

3 min Incident Response

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.

10 min Cybersecurity

Reforming the UK’s Computer Misuse Act

The CMA is the UK’s anti-hacking law, and we've ​provided feedback on the issues we see with the legislation.

6 min Patch Tuesday

Patch Tuesday - August 2021

Hot off the press, it’s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includes updates for three vulnerabilities that were publicly disclosed earlier this month. Let’s jump in. Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM https://msrc.microsoft.com/

11 min Public Policy

Hack Back Is Still Wack

The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.

3 min Virtual Vegas

Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways

Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year.

8 min Ransomware

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.

3 min Virtual Vegas

Black Hat 2021: Rapid7 Experts Share Key Day 1 Takeaways

OK, no big deal, we know how this goes. Once again, many of us are attending Black Hat [https://www.blackhat.com/us-21/] in a virtual capacity as COVID-19 meanders its way out of our lives. The good news is that there’s an actual live component again this year in Las Vegas, and that’s progress. Here’s hoping that next year the pandemic will be more firmly in the rearview and any remaining travel trepidation will be a “2021 thing.” So flip the on-switch to some neon lights if you got ‘em, and l