4 min
Vulnerability Disclosure
CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)
In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Sep. 1, 2023
Pumpkin Spice Modules
Here in the northern hemisphere, fall is on the way: leaves changing, the air
growing crisp and cool, and some hackers changing the flavor of their caffeine.
This release features a new exploit module targeting Apache NiFi as well as a
new and improved library to interact with it.
New module content (1)
Apache NiFi H2 Connection String Remote Code Execution
Authors: Matei "Mal" Badanoiu and h00die
Type: Exploit
Pull request: #18257
11 min
Detection and Response
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.
3 min
Emergent Threat Response
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.
7 min
Penetration Testing
PenTales: What It’s Like on the Red Team
In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlighting some ways you can improve your own organization’s security.
5 min
Velociraptor
Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library
Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download.
7 min
Emergent Threat Response
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.
3 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 25, 2023
PowerPoint
This week’s new features and improvements start with two new exploit modules
leveraging CVE-2023-34960 in Chamilo versions 1.11.18 and below and
CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too feel attacked by
PowerPoint sometimes.
We also have several impr
4 min
Cloud Security
Why Your AWS Cloud Container Needs Client-Side Security
With complex network infrastructure and the need to deploy applications across various environments, cloud containers have become increasingly necessary.
3 min
Vendor Consolidation
Three Security Vendor Consolidation Myths Debunked
While security vendor consolidation has many advantages, it’s clear that some myths about consolidation persist.
3 min
Ransomware
Ransomware-as-a-Service Cheat Sheet
Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm. Learn how to protect your organization against RaaS attacks.
2 min
Awards
Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection
Rapid7 is proud to announce we have received not one, but two prestigious SC Awards this year!
2 min
Metasploit
Metasploit Weekly Wrap-Up: Aug. 18, 2023
Meterpreter Testing
This week’s release adds new payload tests to our automated test suite. This is
intended to help the team and community members identify issues and behavior
discrepancies before changes are made. Payloads run on a variety of different
platforms including Windows, Linux, and OS X, each of which has multiple
Meterpreter implementations available that are now tested to help ensure
consistency. This should improve payload stability and make testing easier for
community members tha
2 min
Velociraptor
Join us for VeloCON 2023: Digging Deeper Together!
Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET.
1 min
Rapid7’s Mid-Year Threat Review
Rapid7’s 2023 Mid-Year Threat Review aggregates data and analysis from our vulnerability intelligence, managed services, and threat analytics teams to provide a mid-year snapshot of the attack landscape and give organizations actionable guidance on protecting themselves from common threats.