3 min
Gartner
5 Insights from the Latest Cybersecurity Trends Research
we’ve singled out five quick insights security professionals and stakeholders should consider when looking ahead. These findings are based on Top Trends in Cybersecurity for 2024, a new research report from Gartner®.
1 min
Awards
Celebrating Excellence: Alex Page Recognized As a CRN 2024 Channel Chief
Congratulations to Rapid7’s Vice President of Global Channel Sales, Alex Page, who is named among the newly-announced CRN 2024 Channel Chiefs!
3 min
Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service
Cybercrime has boomed to the third largest economy in the world behind the US and China, with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach.
14 min
Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/02/2024
Shared RubySMB Service Improvements
This week’s updates include improvements to
[http://github.com/rapid7/metasploit-framework/pull/18680] Metasploit
Framework’s SMB server implementation: the SMB server can now be reused across
various SMB modules, which are now able to register their own unique shares and
files. SMB modules can also now be executed concurrently. Currently, there are
15 SMB modules in Metasploit Framework that utilize this feature.
New module content (2)
Mirth Connect Deseria
7 min
Career Development
Rapid7 in Prague: Pete Rubio Shares Insights and Excitement for the New Office
Pete Rubio is the Senior Vice President, Platform & Engineering. Here he discusses the company's newest office in Prague, Czech Republic.
6 min
InsightAppSec
InsightAppSec: Improving Scan Speed and Performance
When scanning a web application in InsightAppSec, you might see it take several hours, if not several days, to run. This can be due to the size of your web app, but plenty of settings in your scan configuration can be modified to help scans complete faster.
5 min
Metasploit
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful when dynamic analysis is
performed, where the security software monitors every process on the system to
detect any suspicious activity. One common way to do so is to add user-land
hooks on Win32 API calls, especially those commonly used by malware. Direct
syscalls are a way to run system calls directly and enter kernel
3 min
Security Operations (SOC)
Building the Best SOC Takes Strategic Thinking
So your security team is ready to scale up its security operations center, or
SOC, to better meet the security needs of your organization. That’s great news.
But there are some very important strategic questions that need to be answered
if you want to build the most effective SOC you can and avoid some of the most
common pitfalls teams of any size can encounter.
The Gartner® report SOC Model Guide,
[http://wbpui.dapifi.com/info/soc-model-guide/] is an excellent resource for
understanding how to
2 min
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
2 min
Metasploit
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for
Ansible
Our own jheysel-r7 added an exploit leveraging the fascinating tool of php
filter chaining to prepend a payload using encoding conversion characters and
h00die et. al. have come through and added 3 new Ansible post modules to gather
configuration information, read files, and deploy payloads. While none offer
instantaneous answers across the universe, they will certainly help in red team
exercises.
New module
3 min
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of
widely deployed software this week. Atlassian disclosed
[http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html]
CVE-2023-22527, a template injection vulnerability in Confluence Server with a
maxed-out CVSS score of 10, while VMware pushed a fresh update to its October
2023 vCenter Server advisory
[http://www.vmwar
3 min
IoT
Privacy, Security, and Connected Devices: Key Takeaways From CES 2024
The topic of data privacy has become so relevant in our age of smart technology.
With everything becoming connected, including our homes, workplaces, cities, and
even our cars, those who develop this technology are obligated to identify
consumers' expectations for privacy and then find the best ways to meet those
expectations. This of course includes determining how to best secure the data
with which these technologies interact. As you can imagine, accomplishing these
requirements is no easy fea
4 min
CISOs
How CISOs’ Roles – and Security Operations – Will Change in 2024
It’s fair to say that 2023 was a turning point for the cybersecurity industry,
and no one felt it more than the CISO. From the onslaught of ransomware and
zero-day attacks,
[http://wbpui.dapifi.com/blog/post/2024/01/12/2023-ransomware-stats-a-look-back-to-plan-ahead/]
to the SEC’s new reporting rules
[http://wbpui.dapifi.com/globalassets/_pdfs/policy/sec-cybersecurity-compliance-solution-brief.pdf]
, and added to technological innovation and sprawl, CISOs have never been under
more pressure to ge
5 min
Vulnerability Management
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded.