Microsoft's updates this month address over 60 vulnerabilities, 20 of which are classified as Critical. As usual, most of this month's fixes are browser-related, and nearly half of the flaws could lead to remote code execution (RCE). Patches for Exchange, SQL Server, and Microsoft Office…
An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.…
Check Yourself Before You Wreck Yourself Even if you're a pro sleuth who can sniff out a vulnerability on even the most hardened of networks, it's always nice to be have some added validation that your attack is going to be successful. That's why it's…
Active Directory serves as the keys to your kingdom, managing user and system access and policies on a daily basis. As such, it’s arguably one of the most important systems to secure, but are you doing it right?…
Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.…
Meterpreter on Axis Everyone loves shells, but Meterpreter sessions are always better. Thanks to William Vu, the axis_srv_parhand_rce module is now capable of giving you a Meterpreter session instead of a regular shell with netcat. DLL Injection for POP/MOV SS Another…
Many parallels can be drawn between the Philippines Data Protection Act and GDPR, but there are some nuances between the two laws—and one massive difference.…
In this post, we’ll review results and trends from Under the Hoodie 2018 as they relate to incident detection, including where our red team found success.…
Cracking a cybersecurity case often requires more than one viewpoint—just look at Starsky and Hutch. For internet-related cases in particular, Rapid7 Labs' Project Sonar and Project Heisenberg each offer unique strengths.…
Developing out a new security program but neglecting to train your employees on it is like shipping out this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.…
CMS Exploitation Made Simple "CMS Made Simple" is an open-source Content Management System. Mustafa Hasen discovered and reported that versions 2.2.5 and 2.2.7 include a vulnerability in file uploads that permit an authenticated attacker to gain execution of arbitrary…
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.…
A Security Automation-Focused API for Forward-Thinking Vulnerability Management Released in January of 2018, Rapid7 InsightVM’s API version 3—the RESTful API—was a highly anticipated, perhaps somewhat inconspicuous, addition to our vulnerability management solution. Introduced as a successor to previous API versions, the RESTful…
Privilege Escalation Linux BPF CVE-2017-16995 is a Linux kernel vulnerability in the way that a Berkeley Packet Filter (BPF) is verified. Multiple sign extension bugs allows memory corruption by unprivileged users, which could be used for a local privilege escalation attack by overwriting a credential…
