2分钟
Metasploit
Metasploit每周总结07/12/2024
常见的嫌疑犯
This release features two new exploits targeting old friends: Confluence 和
Ivanti. cve - 2024 - 21683
很简单
vulnerability to exploit, but as pointed out in the AttackerKB Review
, it requires authentication as a ‘Confluence Administrator.“另一方面,
CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti End
4分钟
InsightCloudSec
Rapid7产品的新功能 & 服务业:2024年第二季度正在审查中
在第二季度, 我们专注于增强可视化, 优先级, 和 integration capabilities across our key products 和 services.
1分钟
事件
Takeaways From The Take Comm和 Summit: Unlocking ROI in Security
Rapid7 CMO Cindy Stanton hosted a discussions with Cindy Stanton, Byron Anderson 和 Gaël Frouin to talk strategies for measuring team performance at Rapid7’s recent Take Comm和 summit.
11分钟
脆弱性管理
补丁星期二- 2024年7月
Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.
1分钟
Rapid7文化
Boston Business Journal Names Rapid7 as a Best Place to Work in Boston
6月13日, 2024, Rapid7 was recognized by The Boston Business Journal as a Best Place to Work in Boston. This marks the 13th consecutive year Rapid7 has made the list, this time coming in at #8 in the extra large company category.
2分钟
政府
Rapid7 completes IRAP PROTECTED assessment for 了解平台 solutions
Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED Level for several of our 了解平台 solutions.
2分钟
Metasploit
Metasploit周报07/05/2024
3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel指令注入, 和Azure CLI凭证收集器
1分钟
事件
Takeaways From The Take Comm和 Summit: Navigating Modern SOC Challenges
At our recent Take Comm和 summit, experts delved into the pressing challenges faced by SOC teams.
2分钟
Metasploit
Metasploit周报06/28/2024
Unauthenticated Comm和 Injection in Netis Router
This week's Metasploit release includes an exploit module for an unauthenticated
comm和 注射 vulnerability in the Netis MW5360 router which is being
被追踪为CVE-2024-22729. The vulnerability stems from improper h和ling of the
password parameter within the router's web interface which allows for comm和
注射. Fortunately for attackers, the router's login page authorization can
be bypassed by simply deleting the authorization header,
10分钟
管理检测和响应(耐多药)
Supply Chain Compromise Leads to Trojanized 安装程序 for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler
麦格劳,莎拉·李和托马斯·埃尔金斯.
执行概要
On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious
客户环境中的活动. 我们的调查发现
suspicious behavior was emanating from the installation of Notezilla, a program
that allows for the creation of sticky notes on a Windows desktop. 安装程序
for Notezilla, along with tools called RecentX 和
1分钟
事件
Takeaways From The Take Comm和 Summit: Unprecedented Threat L和scape
The Rapid7 Take Comm和 summit unveiled crucial findings from the 2024 Attack Intelligence Report, offering invaluable insights for cybersecurity professionals navigating today's complex threat l和scape.
4分钟
紧急威胁响应
Authentication Bypasses in MOVEit Transfer 和 MOVEit Gateway
6月25日, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer 和 MOVEit Gateway: CVE-2024-5806 和 CVE-2024-5805.
1分钟
事件
Takeaways From The Take Comm和 Summit: Underst和ing Modern Cyber Attacks
In today's cybersecurity l和scape, staying ahead of evolving threats is crucial. The 状态 of Security Panel from our Take Comm和 summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks 和 defenses.
4分钟
十大赌博正规信誉网址
从Top Dogs到Unified Pack
Cybersecurity is as unpredictable as it is rewarding. This means you 和 your cyber team may find yourselves navigating a complex l和scape of multi-cloud environments 和 evolving compliance requirements.
3分钟
Metasploit
Metasploit周报2016/21/06
Windows上PHP的参数注入
This week includes modules that target file traversal 和 arbitrary file read
vulnerabilities for software such as Apache, SolarWinds 和 Check Point, with
the highlight being a module for the recent PHP vulnerability submitted by
sfewer-r7 . 这个模块利用一个参数
注射 vulnerability, resulting in remote code execution 和 a Meterpreter
shell running in the context of the Administrator user.
注意,这个攻击