The Flip Side of memcrashed
Rapid7 Labs keeps a keen eye on research and findings from other savvy security and technology organizations and noticed Cloudflare’s report on new distributed denial of service (DDoS) amplification attacks using memcached. If you haven’t read Cloudflare’s (excellent) analysis yet, the TLDR…
UK NCSC's "Active Cyber Defence" Brings New Hope To Our Combined Fight Against Cybercrime
This week the UK National Cyber Security Centre (NCSC) released their first report on the year one results of their "Active Cyber Defence" (ACD) initiative. And, they're amazing. The ACD program came out of an 2016 effort to re-think, re-imagine and re-tool cybersecurity…
Forget The Presents: HaXmas Is All About The [Gift] Certificates
2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure…
INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
INTEL-SA-00086 vulnerabilities? What’s Up? (Full update log at the end of the post as we make changes.) Intel decided to talk turkey this week about a cornucopia of vulnerabilities that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies Research…
The Oracle (PeopleSoft/Tuxedo) JoltandBleed Vulnerabilities: What You Need To Know
JoltandBleed vulnerabilities? What’s Up? Oracle recently issued emergency patches for five vulnerabilities: CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server. CVE-2017-10267 is a vulnerability of stack overflows. CVE-2017-10278 is a…
The BadRabbit Ransomware Attack: What You Need To Know
What’s Up? Rapid7 has been tracking reports of an expanding ransomware campaign dubbed BadRabbit. Russian news outlets and other organizations across Europe have reported being victims of this malware and the “outbreak” is continuing to spread. The BadRabbit attackers appear to have learned some…
The Wi-Fi KRACK Vulnerability: What You Need to Know
Everything you need to know about the recently disclosed KRACK vulnerability affecting Wi-Fi security protocols (WPA1 and WPA2).…
macOS Keychain Security : What You Need To Know
If you follow the infosec twitterverse or have been keeping an eye on macOS news sites, you’ve likely seen a tweet (with accompanying video) from Patrick Wardle (@patrickwardle) that purports to demonstrate dumping and exfiltration of something called the “keychain” without an associated privilege…
Data Mining the Undiscovered Country
Using Internet-scale Research Data to Quantify and Reduce Exposure It’s been a busy 2017 at Rapid7 Labs. Internet calamity struck swift and often, keeping us all on our toes and giving us a chance to fully test out the capabilities of our internet-scale research…
SMBLoris: What You Need To Know
What's Up?Astute readers may have been following the recent news around "SMBLoris" — a proof-of-concept exploit that takes advantage of a vulnerability in the implementation of SMB services on both Windows and Linux, enabling attackers to "kill you softly" with a clever, low-profile application-level…
(Server) Ransomware in the Cisco 2017 Midyear Cybersecurity Report: Rapid7's Readout
It's summer in the northern hemisphere and many folks are working their way through carefully crafted reading lists, rounding out each evening exploring fictional lands or investigating engrossing biographies. I'm hoping that by the end of this post, you'll be adding another item to your…
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017. This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst — literally — onto the scene with one of the initial targets being the British National Health Service. According to The Guardian: the “unprecedented attack… affected 12 countries and at least…
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/), once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich pages to go through, with topics ranging…
ON-AIR: Broadcasting Insecurity
Note: Rebekah Brown was the astute catalyst for the search for insecure broadcast equipment and the major contributor to this post. Reports have surfaced recently of local radio station broadcasts being hijacked and used to play anti-Donald Trump songs (https://www.rt.com/viral/375935-trump-song-hacked-radio/…
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs team made this post possible. On the internet, no one may know if you're of the canine persuasion, but with a little time and just a few resources they can easily determine…
