All Posts

2 min InsightCloudSec

New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation

Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.

2 min Career Development

Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024

In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.

2 min Reports

New Research: The Proliferation of Cellular in IoT

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.

4 min Emergent Threat Response

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.

1 min Artificial Intelligence

Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI

"Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/26/2024

New module content (3) Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: #19304 contributed by heyder Path: gather/magento_xxe_cve_2024_34102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is

1 min Events

Key Takeaways From The Take Command Summit: Command Your Cloud

The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change.

6 min Vulnerability Disclosure

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).

4 min

From Top Dogs to Unified Pack

Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.

4 min Penetration Testing

Buying Stuff For Free From Shopping Websites

Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.

9 min Malware

Malware Campaign Lures Users With Fake W2 Form

Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.

2 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up 7/19/2024

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

1 min Artificial Intelligence

Unveiling Key Insights from the 2024 Take Command Summit

The 2024 Take Command Summit, held virtually in partnership with AWS, united 2,000 security professionals to delve into critical cybersecurity issues.

2 min Research

Defending Against APTs: A Learning Exercise with Kimsuky

The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/12/2024

The Usual Suspects This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review, it requires authentication as a ‘Confluence Administrator.’ On the other hand, CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End