2 min
InsightCloudSec
New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation
Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.
2 min
Career Development
Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024
In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.
2 min
Reports
New Research: The Proliferation of Cellular in IoT
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.
4 min
Emergent Threat Response
VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.
1 min
Artificial Intelligence
Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI
"Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304
contributed by heyder
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
Description: This adds an auxiliary module for an XXE which results in an
arbitrary file in Magento which is
1 min
Events
Key Takeaways From The Take Command Summit: Command Your Cloud
The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change.
6 min
Vulnerability Disclosure
CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).
4 min
From Top Dogs to Unified Pack
Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.
4 min
Penetration Testing
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.
9 min
Malware
Malware Campaign Lures Users With Fake W2 Form
Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.
2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
1 min
Artificial Intelligence
Unveiling Key Insights from the 2024 Take Command Summit
The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues.
2 min
Research
Defending Against APTs: A Learning Exercise with Kimsuky
The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group.
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/12/2024
The Usual Suspects
This release features two new exploits targeting old friends: Confluence and
Ivanti. CVE-2024-21683
is a very easy
vulnerability to exploit, but as pointed out in the AttackerKB Review
, it requires authentication as a ‘Confluence Administrator.’ On the other hand,
CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End