From rapid7.com

Ransomware Groups Demystified: CyberVolk Ransomware | Rapid7 Blog

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024.

#cybervolk

on Thu, 9PM

From rapid7.com

3 Recommendations for Creating a Risk-Based Detection and Response Program | Rapid7 Blog

In a report released earlier this summer, Gartner analysts offer 3 recommendations for fostering an environment of risk-based threat detection, investigation, and response.

on Sep 25

From rapid7.com

Help, I can’t see! A Primer for Attack Surface Management Blog Series | Rapid7 Blog

In this series, we will explore the critical challenges and solutions associated with Attack Surface Management (ASM), a vital aspect of modern cybersecurity strategy.

on Sep 19

From rapid7.com

Google Chrome Vulnerability: CVE-2024-7971 Type confusion in V8

Rapid7's VulnDB is a curated repository of vetted computer software exploits and exploitable vulnerabilities.

on Sep 19

From rapid7.com

Metasploit Weekly Wrap-Up: 09/13/2024 | Rapid7 Blog

This Metasploit Weekly Wrap-Up brings more modules targeting the SPIP publishing platform. Learn more about the details.

on Sep 14

From rapid7.com

Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024 | Rapid7 Blog

The Gartner® Hype Cycle™ for Security Operations, 2024 looks at the dynamic nature of the threat landscape and the range of tech that SRM professionals use.

on Sep 14

From rapid7.com

Ransomware Groups Demystified: Lynx Ransomware | Rapid7 Blog

As part of our research and tracking of threats, Rapid7 Labs is actively monitoring new and upcoming threat groups and the ransomware domain is known for having a large number of them.

on Sep 12

From rapid7.com

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed) | Rapid7 Blog

Apache OFBiz below 18.12.16 is vulnerable to CVE-2024-45195, an unauthenticated remote code execution issue that affects both Linux and Windows.

on Sep 5

From rapid7.com

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules | Rapid7 Blog

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals.

on Aug 23

From rapid7.com

Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum | Rapid7 Blog

The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.

on Aug 23

From rapid7.com

Ongoing Social Engineering Campaign Refreshes Payloads | Rapid7 Blog

On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.

on Aug 12

From rapid7.com

Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast. | Rapid7 Blog

The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.

on Aug 9

From rapid7.com

Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises | Rapid7 Blog

Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products.

on Aug 8

From rapid7.com

Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access | Rapid7 Blog

This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization.

on Aug 7

From rapid7.com

New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation | Rapid7 Blog

Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.

on Aug 1

From rapid7.com

New Research: The Proliferation of Cellular in IoT | Rapid7 Blog

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.

on Jul 31

From rapid7.com

CVE-2024-6922: Automation 360 Server-Side Request Forgery | Rapid7 Blog

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).

on Jul 27

From rapid7.com

Malware Campaign Lures Users With Fake W2 Form | Rapid7 Blog

Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.

on Jul 24

From rapid7.com

Metasploit Weekly Wrap-Up: 7/19/2024 | Rapid7 Blog

Contributor hoodie-gr3y added an exploit module that targets the GeoServer open-source application. It's used to view, edit, & share geospatial data.

on Jul 22

From rapid7.com

Defending Against APTs: A Learning Exercise with Kimsuky | Rapid7 Blog

The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group. Learn more!

on Jul 17

From rapid7.com

Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog

Rapid7 investigated suspicious behavior emanating from the installation of Notezilla, RecentX, & Copywhiz. These installers are distributed by Conceptworld.

on Jul 11

From rapid7.com

Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions | Rapid7 Blog

Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED Level for several of our Insight Platform solutions.

on Jul 9

From rapid7.com

Ubuntu: (Multiple Advisories) (CVE-2024-29510): Ghostscript vulnerabilities

Rapid7's VulnDB is a curated repository of vetted computer software exploits and exploitable vulnerabilities.

on Jul 3

From rapid7.com

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks | Rapid7 Blog

In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses.

on Jun 26

From rapid7.com

Malvertising Campaign Leads to Execution of Oyster Backdoor | Rapid7 Blog

Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.

on Jun 26

From rapid7.com

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway | Rapid7 Blog

On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806 and CVE-2024-5805.

on Jun 25

From rapid7.com

The Dreaded Network Pivot: An Attack Intelligence Story | Rapid7 Blog

The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response and threat intelligence teams.

on Jun 5

From rapid7.com

CVE-2024-24919: Check Point Security Gateway Information Disclosure | Rapid7 Blog

On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability.

on May 30

From rapid7.com

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog

Rapid7 has determined that users with Justice AV Solutions (JAVS) Viewer v8.3.7 installed are at high risk and should take immediate action.

on May 23

From rapid7.com

Get The 2024 Attack Intelligence Report - by Rapid7 Labs Research

Rapid7 Labs has upped the ante with the 2024 Attack Intelligence Report, a 14-month look at attacker behaviors. Explore key findings and get expert advice.

on May 21

From rapid7.com

Metasploit Wrap-Up 05/17/2024 | Rapid7 Blog

Metasploit adds improved LDAP capabilities along with two new modules.

on May 19

From rapid7.com

Ongoing Malvertising Campaign leads to Ransomware | Rapid7 Blog

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines.

on May 17

From rapid7.com

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators | Rapid7 Blog

Rapid7 observes ongoing social engineering campaign consistent with Black Basta

on May 15

From rapid7.com

Ongoing Malvertising Campaign leads to Ransomware | Rapid7 Blog

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.

on May 15

From rapid7.com

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators | Rapid7 Blog

Rapid7 observes ongoing social engineering campaign consistent with Black Basta

on May 10

From rapid7.com

Metasploit Weekly Wrap-Up 05/03/24 | Rapid7 Blog

This week Metasploit adds an improvement to the windows_secrets_dump module along with a new RCE module targeting CVE-2024-1212 in LoadMaster.

on May 3

From rapid7.com

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader | Rapid7 Blog

In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.

on Apr 10

From rapid7.com

Backdoored XZ Utils (CVE-2024-3094) | Rapid7 Blog

On Friday, March 29, developer Andres Freund shared that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma).

on Apr 1

From rapid7.com

Stories from the SoC Part 1: IDAT Loader to BruteRatel | Rapid7 Blog

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections.

on Mar 28

From rapid7.com

Metasploit Framework 6.4 Released | Rapid7 Blog

Metasploit 6.4 has been released with Kerberos improvements, new session types, indirect syscalls in the Windows Meterpreter and DNS configuration support.

on Mar 25

From rapid7.com

The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog

Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.

on Mar 25

From rapid7.com

The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog

Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.

on Mar 21

From rapid7.com

Metasploit Weekly Wrap-Up 02/23/2024 | Rapid7 Blog

Metasploit adds a new LDAP capture module as well as the Ivanti Connect Secure unauthenticated RCE.

on Mar 1

From rapid7.com

Metasploit Weekly Wrap-Up 02/16/24 | Rapid7 Blog

Metasploit adds an SMB fetch payload and new Base64 command encoder.

on Feb 17

From rapid7.com

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED) | Rapid7 Blog

Rapid7 Labs has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS.

on Feb 14

From rapid7.com

Metasploit Weekly Wrap-Up 02/09/2024 | Rapid7 Blog

This week's wrap-up includes three new exploits for Docker, Fortra GoAnywhere and Cacti.

on Feb 9

From rapid7.com

Vulnerability Disclosure Policy

Learn more about our vulnerability disclosure policy.

on Feb 7

From rapid7.com

Metasploit Weekly Wrap-Up 01/26/24 | Rapid7 Blog

This week's wrap-up adds 8 new modules and direct syscalls to Meterpreter's Reflective Loader.

on Jan 26

From rapid7.com

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

on Jan 24

From rapid7.com

Rapid7 Open Data | Reverse DNS (RDNS)

DNS IPv4 PTR responses

on Jan 24