7 min
Patch Tuesday
Patch Tuesday - January 2024
Hyper-V critical RCE. Office FBX 3D model vuln. SharePoint RCE. Critical Kerberos MitM. No zero-days. Smallest January PT for several years.
2 min
Metasploit
Metasploit Weekly Wrap-Up 1/05/2024
New module content (2)
Splunk __raw Server Info Disclosure
Authors: KOF2002, h00die, and n00bhaxor
Type: Auxiliary
Pull request: #18635 [http://github.com/rapid7/metasploit-framework/pull/18635]
contributed by n00bhaxor [http://github.com/n00bhaxor]
Path: gather/splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information
disclosure vulnerability. This module gathers information about the host machine
and the Splunk install including OS version, build, CP
5 min
Career Development
Rapid7’s Data-Centric Approach to AI in Belfast
Read on to find out more about the importance of data and AI at Rapid7!
2 min
Career Development
Rapid7 Recognized by Newsweek as one of ‘America’s Greatest Workplaces for Diversity for 2024’.
On December 13th, Newsweek Magazine published their list of ‘America’s Greatest Workplaces for Diversity for 2024’.
6 min
IoT
Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities
Rapid7, Inc. (Rapid7) discovered vulnerabilities in Aladdin Connect retrofit kit garage door opener and Android mobile application produced by Genie.
8 min
Metasploit
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and
improvements to the Metasploit Framework. This year marked the 20th anniversary
since Metasploit version 1.0 was committed and the project is still actively
maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3
[http://genxuanfo.volamdolong.com/blog/post/2023/01/30/metasploit-framework-6-3-released/]
was released with a number of improvements for targeting Active Dir
10 min
Velociraptor
Velociraptor 0.7.1 Release
Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities that add to the power and efficiency of this open-source digital forensic and incident response (DFIR) platform.
5 min
Vulnerability Management
Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response
The convergence of operational technology (OT) and information technology (IT) has ushered in new efficiencies but has also exposed vulnerabilities. This article explores the pivotal role of Vulnerability Management and Detection and Response (VM/DR) in the realm of Industrial Cybersecurity.
1 min
IoT
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 22, 2023
Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.
3 min
Artificial Intelligence
Securely Build AI/ML Applications in the Cloud with Rapid7 InsightCloudSec
Advancements in Artificial Intelligence and Machine Learning have marked a transformative era, influencing virtually every facet of our lives. As society embraces these advancements, the implications of Generative AI and LLMs extend across diverse sectors.
6 min
Managed Threat Complete
What’s New in Rapid7 Products & Services: 2023 Year in Review
Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, prevent breaches earlier, and respond faster to threats.
4 min
Artificial Intelligence
Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023
As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligence (AI) and Machine Learning (ML), security and more.
4 min
Cloud Security
Expanded Coverage and New Attack Path Visualizations Help Security Teams Prioritize Cloud Risk and Understand Blast Radius
Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with.
3 min
Artificial Intelligence
We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead
Here at Rapid7 we’ve seen a whole lot of threats and exploited vulnerabilities in 2023, many in the form of zero days. So it can be a little overwhelming to think about what could be in store for us in the year ahead.