Rapid7 Blog

boB Rudis  

AUTHOR STATS:

21

INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know

INTEL-SA-00086 vulnerabilities? What’s Up? (Full update log at the end of the post as we make changes.) Intel decided to talk turkey this week about a cornucopia of vulnerabilities that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies Research…

The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know

JoltandBleed vulnerabilities? What’s Up? Oracle recently issued emergency patches for five vulnerabilities: CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server. CVE-2017-10267 is a vulnerability of stack overflows. CVE-2017-10278 is a…

The BadRabbit Ransomware Attack: What You Need To Know

What’s Up? Rapid7 has been tracking reports of an expanding ransomware campaign dubbed BadRabbit. Russian news outlets and other organizations across Europe have reported being victims of this malware and the “outbreak” is continuing to spread. The BadRabbit attackers appear to have learned some…

The Wi-Fi KRACK Vulnerability: What You Need to Know

Everything you need to know about the recently disclosed KRACK vulnerability affecting Wi-Fi security protocols (WPA1 and WPA2).…

macOS Keychain Security : What You Need To Know

If you follow the infosec twitterverse or have been keeping an eye on macOS news sites, you’ve likely seen a tweet (with accompanying video) from Patrick Wardle (@patrickwardle) that purports to demonstrate dumping and exfiltration of something called the “keychain” without an associated privilege…

Data Mining the Undiscovered Country

Using Internet-scale Research Data to Quantify and Reduce Exposure It’s been a busy 2017 at Rapid7 Labs. Internet calamity struck swift and often, keeping us all on our toes and giving us a chance to fully test out the capabilities of our internet-scale research…

SMBLoris: What You Need To Know

What's Up?Astute readers may have been following the recent news around "SMBLoris" — a proof-of-concept exploit that takes advantage of a vulnerability in the implementation of SMB services on both Windows and Linux, enabling attackers to "kill you softly" with a clever, low-profile application-level…

(Server) Ransomware in the Cisco 2017 Midyear Cybersecurity Report: Rapid7's Readout

It's summer in the northern hemisphere and many folks are working their way through carefully crafted reading lists, rounding out each evening exploring fictional lands or investigating engrossing biographies. I'm hoping that by the end of this post, you'll be adding another item to your…

Wanna Decryptor (WNCRY) Ransomware Explained

Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst — literally — onto the scene with one of the initial targets being the British National Health Service. According to The Guardian: the “unprecedented attack… affected 12 countries and at least…

2017 Verizon Data Breach Report (DBIR): Key Takeaways

The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/), once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich pages to go through, with topics ranging…

ON-AIR: Broadcasting Insecurity

Note: Rebekah Brown was the astute catalyst for the search for insecure broadcast equipment and the major contributor to this post. Reports have surfaced recently of local radio station broadcasts being hijacked and used to play anti-Donald Trump songs (https://www.rt.com/viral/375935-trump-song-hacked-radio/…

The Ransomware Chronicles: A DevOps Survival Guide

NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs team made this post possible. On the internet, no one may know if you're of the canine persuasion, but with a little time and just a few resources they can easily determine…

12 Days of HaXmas: A HaxMas Carol

(A Story by Rapid7 Labs) Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the…

Election Day: Tracking the Mirai Botnet

by Bob Rudis, Tod Beardsley, Derek Abdine & Rapid7 Labs Team What do I need to know? Over the last several days, the traffic generated by the Mirai family of botnets has changed. We've been tracking the ramp-up and draw-down patterns of Mirai botnet members…

Bringing Home The EXTRABACON [Exploit]

by Derek Abdine & Bob Rudis (photo CC-BY-SA Kalle Gustafsson) Astute readers will no doubt remember the Shadow Brokers leak of the Equation Group exploit kits and hacking tools back in mid-August. More recently, security researchers at SilentSignal noted that it was possible to modify…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now