3 min
Metasploit
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules that target file traversal and arbitrary file read
vulnerabilities for software such as Apache, SolarWinds and Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 . This module exploits an argument
injection vulnerability, resulting in remote code execution and a Meterpreter
shell running in the context of the Administrator user.
Note, that this attac
1 min
Events
Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks
In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses.
4 min
IoT
Helpful tools to get started in IoT Assessments
The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start.
10 min
Managed Detection and Response (MDR)
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
3 min
Metasploit
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Auth Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242
contributed by zeroSteiner
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
Description: This adds an exploit for CVE-2024-4358 which is an authentication
bypass in Te
4 min
Security Operations (SOC)
Rapid7 Infuses Generative AI into the InsightPlatform to Supercharge SecOps and Augment MDR Services
At Rapid7, we are pioneering the infusion of artificial intelligence (AI) into our platform and service offerings, transforming the way security operations centers (SOCs) around the globe operate.
7 min
Patch Tuesday
Patch Tuesday - June 2024
MSMQ RCE again. Office malicious file RCEs. SharePoint RCE. DNSSEC NSEC3 DoS.
2 min
Velociraptor
Enhancing Velociraptor with the Cado Security Platform
Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly gather data from remote systems, regardless of their location.
2 min
Emergent Threat Response
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting the Serv-U file transfer server. Successful exploitation of the vulnerability allows unauthenticated attackers to read sensitive files on the host.
2 min
Metasploit
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads:ARMed and Dangerous
In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress
Hash form, this release features the addition of several new binary OSX
stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and
Shell Reverse TCP.
The new osx/aarch64/shell_bind_tcp payload opens a listening port on the target
machine, which allows the attacker to connect to this open port to spawn a
command shell using the user provided command using the exe
5 min
Artificial Intelligence
Securing AI Development in the Cloud: Navigating the Risks and Opportunities
With the promise of enhanced efficiency, personalization, and innovation, organizations are increasingly turning to cloud environments to develop and deploy these powerful AI and ML technologies.
2 min
Vulnerability Management
The Dreaded Network Pivot: An Attack Intelligence Story
The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response and threat intelligence teams.
1 min
Insight Agent
New! Insight Agent Support for ARM-based Windows in InsightVM
We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM.
2 min
Metasploit
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs
In this release, we feature a double-double: two exploits each targeting two
pieces of software. The first pair is from h00die
targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to
retrieve the login for the ransomware server, and the second is a directory
traversal vulnerability allowing arbitrary file read. The second pair from Dave
Yesland of Rhino Security targets Progress Flowmon with CVE-2024-2389 and it
pai
4 min
Emergent Threat Response
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.