所有的帖子

3分钟 Metasploit

Metasploit每周总结2024年9月27日

史诗释放! 本周's release includes 5 new modules, 6 enhancements, 4 fixes 和 1 文档更新. Among the new additions, we have an account take over, SQL 注射、RCE和LPE! Thank you to all the contributors who made it possible! 新模块内容(5) Cisco Smart Software 经理 (SSM) On-Prem Account Takeover (CVE-2024-20419) Authors: Michael Heinzl 和 Mohammed Adel 类型:辅助 拉取请求:#19375 contribut

3分钟 紧急威胁响应

Multiple Vulnerabilities in Common Unix Printing System (CUPS)

Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.

4分钟 InsightCloudSec

Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 和 Azure DevOps

We recognize this critical need 和 have added new integration for InsightCloudSec (ICS) 和 接触命令 with Azure DevOps for Infrastructure as code (IaC) tooling, empowering organizations to quickly 和 effectively safeguard their attack surfaces.

4分钟 Forrester波

Rapid7 Recognized in Forrester’s 2024 攻击面管理 (ASM) Wave Report

本周, Rapid7 was recognized as a Contender in Forrester’s 2024 攻击面管理 (ASM) Wave report.

2分钟 Gartner

Three Recommendations for Creating a Risk-Based 检测和响应 Program

In a report released earlier this summer, Gartner analysts offer three recommendations for fostering an environment of risk-based threat detection, 调查, 和 response that includes a deeper underst和ing of your organization’s risk profile by more than just the security team.

2分钟 管理检测和响应(耐多药)

Exp和ing the Security Horizon: Introducing Rapid7 耐多药 for the Extended Ecosystem

Our Rapid7 MXDR service has always been built on InsightIDR, 我们的本地SIEM和XDR技术, operationalizing telemetry across the customer environment —endpoint, 云, 身份, 和网络.

2分钟 Metasploit

Metasploit每周总结- 2024年9月20日

新增模块内容(3) update-motd.d持久性 作者:Julien Voisin 类型:利用 拉取请求:#19454 由jvoisin贡献 路径:linux /地方/ motd_persistence Description: This adds a post module to keep persistence on a Linux target by 写月报 bash script triggered with root privileges every time a user logs into the system

2分钟 紧急威胁响应

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, 和Ivanti端点管理器(EPM). These CVEs are likely attack targets for APT 和/or financially motivated adversaries.

6分钟 攻击面安全

救命,我看不见! A Primer for 攻击面管理 博客 Series

在本系列中, we will explore the critical challenges 和 solutions associated with 攻击面管理 (ASM), a vital aspect of modern cybersecurity strategy.

3分钟 向量的命令

Rapid7 Introduces 向量的命令, a New Managed Service for 持续的红队

Rapid7 is delighted to announce the launch of 向量的命令, a continuous red teaming managed service designed to assess your external attack surface 和 identify gaps in the security defenses on an ongoing basis.

2分钟 Metasploit

Metasploit每周总结2024年9月13日

SPIP模块 本周 brings more modules targeting the SPIP publishing platform. SPIP已经 gained some attention from Metasploit community contributors recently 和 has inspired some PHP payload 和 encoder improvements. 新增模块内容(2) SPIP BigUp插件未经认证的RCE Authors: Julien Voisin, Laluka, Valentin Lobstein, 和 Vozec 类型:利用 拉取请求:#19444 由Chocapikk贡献 帕特

4分钟 Gartner

The Growing Importance of 风险管理: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024

The Gartner® Hype Cycle™ for Security Operations, 《ladbrokes立博官网》于7月下旬出版, 和 is an interesting look at the dynamic nature of both the threat l和scape 和 the diverse range of technologies that security & risk management (SRM) professionals use to safeguard their organizations.

4分钟 实验室

Ransomware Groups Demystified: Lynx Ransomware

As part of our research 和 tracking of threats, Rapid7实验室 is actively monitoring new 和 upcoming threat groups 和 the ransomware domain is known for having a large number of them.

10分钟 星期二补丁

补丁星期二- 2024年9月

4零日. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT关键rce.

4分钟 InsightIDR

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB 和 Enterprise

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment.