CVE-2017-16943: Exim BDAT Use-After-Free
Exim BDAT Use-After-Free (CVE-2017-16943): What You Need To Know Turns out, the Exim Internet Mailer team was busy over the Thanksgiving holiday, after security researcher “meh” reported a pair of vulnerabilities in the wildly popular open source email server. The first, a critical remote execution…
5 Tips for a Cyber Holiday Season
Five tips on how to approach security this holiday season with family and friends…
NCSAM Security Crash Diet: Wrap-up
Wow, it’s November 7 already, and I still have all my National Cyber Security Awareness Month decorations up! I really need to take care of those. But, before I get to taking down all my 2FA authentication token lawn decorations, I figured it’d…
NCSAM: How Hackable Are You?
Rapid7 partnered with The Today Show to offer a fun, fast self-assessment quiz to determine individual cybersecurity risk levels. How hackable are you?…
No-Priority, Post-Auth Vulnerabilities
In the course of collecting and disclosing vulnerabilities, I occasionally come across an issue that walks like a vuln, quacks like a vuln, but… it’s not exactly a vuln. As per our usual vulnerability disclosure process, we still report these issues to vendors. The…
NCSAM: A Personal Security Crash Diet
We're kicking of National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.…
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502, is a somewhat well-known vulnerability pattern, and I would expect…
You've Got 0-Day!
Hey all, it feels like it's been forever since I wrote a blog post that wasn't about some specific disaster currently consuming the Internet, so I just wanted to drop a note here about how I'll be speaking at UNITED 2017, Rapid7's annual security summit…
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to…
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need to have the ability to create a Workspace and entice a victim to visit the malicious page in…
National Exposure Index 2017
Today, Rapid7 is releasing the second National Exposure Index, our effort to quantify the exposure that nations are taking on by offering public services on the internet—not just the webservers (like the one hosting this blog), but also unencrypted POP3, IMAPv4, telnet, database servers,…
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems tested were offerings…
R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)
Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application usernames,…
Metasploit, [REDACTED] Edition
Why should [REDACTED] have all the fun with spiffy codenames for their exploits? As of today, Metasploit is taking a page from [REDACTED], and equipping all Metasploit modules with equally fear-and-awe-inspiring codenames. Sure, there are catchy names for vulnerabilities -- we remember you fondly, Badblock…
R7-2016-28: Multiple Eview EV-07S GPS Tracker Vulnerabilities
Seven issues were identified with the Eview EV-07S GPS tracker, which can allow an unauthenticated attacker to identify deployed devices, remotely reset devices, learn GPS location data, and modify GPS data. Those issues are briefly summarized on the table below. These issues were discovered by…
