R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)
This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access. DGE-100 devices running firmware versions 1.…
2018 National Exposure Index Research Report: Internet Security Posture by Country
Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI), a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’…
Whiteboard Wednesday: Your 6-Minute Recap of Q1 2018’s Threat Landscape
Gotten a chance to read Rapid7’s Quarterly Threat Report for 2018 Q1? If not (or if you’re more of an auditory learner), we’ve put together a 6-minute recap video of the major findings. In our Quarterly Threat Reports, our security researchers provide…
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look…
Password Tips From a Pen Tester: 3 Passwords to Eliminate
Every week, Rapid7 conducts penetration testing services for organizations that cracks hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them…
Off the Chain! A Research Paper Observing Bitcoin Nodes on the Public Internet
Over the last several years, blockchain-based technologies have exploded in growth. Lately it seems like blockchains are turning up everywhere, from chicken management systems to the next hot cryptocurrency. Waves of new companies, products and applications exist, often in the form of just wedging a…
An Impressively Unprecedented Drop in Open memcached Services
(Many thanks to Jon Hart and Tom Sellers for their research and content for this blog post.) We started performing weekly monitoring of open/amplification-vulnerable memcached servers after the recent memcrashed amplification distributed denial-of-service (DDoS) attack and today we have some truly awesome news to…
R7-2017-27 | CVE-2017-8987: HPE iLO3 Unauthenticated Remote DoS (FIXED)
This post describes CVE-2017-8987, an unauthenticated remote Denial of Service vulnerability in HPE iLO3 firmware version 1.88. This vulnerability can be exploited by several HTTP methods; once triggered, it lasts for approximately 10 minutes until the watchdog service performs a restart of the iLO3…
The Flip Side of memcrashed
Rapid7 Labs keeps a keen eye on research and findings from other savvy security and technology organizations and noticed Cloudflare’s report on new distributed denial of service (DDoS) amplification attacks using memcached. If you haven’t read Cloudflare’s (excellent) analysis yet, the TLDR…
Smart Sensors: Our Bold New World
Over the last several months I have been surveying our bold new world of smart sensor technology. It is absolutely amazing how advances in this area over the last decade have led to technology that affects our day-to-day lives on a large scale. For example:…
The Ghost of a Botnet (Possibly) Past
For a week and a half in April, Rapid7 Labs observed a botnet with 18,000 distinct IPs marauding across the public internet. Then it disappeared, only to resurface again later. Join us as we tell the HaXmas tale of the ghost of a botnet past!…
Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration
This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).…
Building a Backpack Hypervisor
Researcher, engineer, and Metasploit contributor Brendan Watters shares his experience building a backpack-size hypervisor.…
Multiple vulnerabilities in Wink and Insteon smart home systems
Today we are announcing four issues affecting two popular home automation solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive credentials securely on their associated Android apps. In addition, the Wink cloud-based management API does not properly expire and revoke authentication tokens, and…
Cisco Smart Install Exposure
Cisco Smart Install (SMI) provides configuration and image management capabilities for Cisco switches. Cisco’s SMI documentation goes into more detail than we’ll be touching on in this post, but the short version is that SMI leverages a combination of DHCP, TFTP and a…
