4 min
Research
Cloud Pentesting, Pt. 3: The Impact of Ecosystem Maturity
Now that we’ve covered the basics of cloud pentesting and the style in which a cloud environment could be attacked, let’s turn our attention to the entirety of this ecosystem.
3 min
Detection and Response
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.
3 min
Application Security
Securing Your Applications Against Spring4Shell (CVE-2022-22965)
In this blog, we wanted to share some recent product enhancements across our application security portfolio to help our customers with easy ways to test and secure their apps against Spring4Shell.
1 min
Metasploit
Metasploit Weekly Wrap-Up: 4/1/22
CVE-2022-22963 - Spring Cloud Function SpEL RCE
A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965, which is a separate vulnerability in the WebDataBinder component
1 min
Emerging Threats
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have been continuously monitoring for Spring4Shell exploit attempts in our environment, and we will update this page as we learn more.
5 min
InsightIDR
MITRE Engenuity ATT&CK Evaluation: InsightIDR
Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations.
5 min
Ransomware
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2
In our second blog in this two-part series, Datto Inc. CISO Ryan Weeks outlines the third and fourth fallacies that perpetuate ransomware risk for SMBs.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.
3 min
Detection and Response
Demystifying XDR: The Time for Implementation Is Now
In the last installment of our Demystifying XDR series, Forrester analyst Allie Mellen fills us in on what XDR implementations look like today.
7 min
Research
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.
7 min
Vulnerability Disclosure
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.
4 min
Awards
Rapid7 Announces Partner of the Year Awards 2022 Winners
It’s with immense pleasure that we announce the winners of the Rapid7 Partner of the Year Awards 2022.
3 min
Research
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.
5 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Mar. 25, 2022
Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules, all under auxiliary/server/capture. Users can start and configure each of these modules individually, but now the capture plugin can streamline the process. The capture plugin can easily start 13 different services (17 including SSL-enabled versions) on the same listening IP address, including remote int
4 min
Russia-Ukraine Conflict
The Digital Citizen’s Guide to Navigating Cyber Conflict
In this post, we provide advice for non-security-pro digital citizens to protect themselves and, by extension, help protect their organizations.