All Posts

3 min Metasploit

Metasploit Weekly Wrap-Up 11/22/2024

JetBrains TeamCity Login Scanner Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers. Targeted DCSync added to Windows Secrets Dump This week, Metasploit community member smashery

7 min Malware

A Bag of RATs: VenomRAT vs. AsyncRAT

Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT.

3 min Vulnerability Disclosure

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.

2 min AWS

Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure.

2 min Career Development

Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being.

3 min Exposure Command

Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub

Rapid7’s Remediation Hub, our newest addition to the Exposure Command platform. Remediation Hub automatically prioritizes various risk signals across your hybrid environment and suggests the actions your team can take that would have the largest impact on reducing your overall risk posture.

2 min Security Operations (SOC)

Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products

With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for organizations to layer security defenses and amplify outcomes.

2 min Metasploit

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-9464 is an authenticated OS command injection. The module makes use of both vulnerabilities in order to obtain unauthenticated RCE in the context of the user www-data. New module content (1) Palo Alto Expe

4 min InsightIDR

New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations

Rapid7’s InsightIDR, the foundation of our Managed Detection and Response (MDR) service, empowers security teams with advanced analytics, automation, and expert-led investigations.

3 min Emergent Threat Response

Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces

Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.

12 min Vulnerability Management

Patch Tuesday - November 2024

4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.

5 min Malware

LodaRAT: Established Malware, New Victim Patterns

Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.

3 min Metasploit

Metasploit Wrap-Up: 11/08/2024

RISC-V Support This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. These payloads allow for the execution of commands on compromised hardware, allowing Metasploit Framework and Metasploit Payloads to be used in more environments. SMB To HTTP(S) Relay This new exploit worked on by Rapid7 contributors targets the ESC8 vulnerability. This work is a part of the recent Kerberos and Active Directory efforts targeting multiple

3 min Attack Surface Security

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

By establishing visibility of the attack surface and implementing management processes to prioritize, validate, and mobilize responses, security teams can reduce exposures exploited by malicious threat actors.

4 min Career Development

Cathal O’Neill - Taking Command of Your Career in Tech

Cathal O’Neill joined Rapid7 in 2023 as a Senior Engineering Manager, and he has since advanced to the role of Engineering Director.

" class="hidden">江苏护理职业学院