2分钟
报告
新研究:物联网中蜂窝的扩散
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heil和 和 Thermo Fisher Scientific lead product security researcher Carlota Bindner.
2分钟
研究
Defending Against APTs: A Learning Exercise with Kimsuky
The latest research paper coming out of Rapid7实验室 examines the tactics of North Korea’s Kimsuky threat group.
2分钟
研究
Rapid7 Releases the 2024 Attack Intelligence Report
Today, during our Take Comm和 Summit, we released our 2024 Attack Intelligence
Report, which pulls in expertise from our researchers, our detection 和
反应小组和威胁情报小组. 结果是最清楚的
这是正在扩大的攻击面
[http://b8yh.hg68333.com/fundamentals/attack-surface/] 和 the threats security
专业人士每天都要面对.
Since the end of 2020, we’ve seen a significant increase in zero-day
利用、勒索软件攻击和大规模妥协
7分钟
研究
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
在我们的博客系列的第一部分, we discussed how a Rust based application was used to download 和 execute the IDAT Loader. 在本系列的第二部分中, we will be providing analysis of how an MSIX installer led to the download 和 execution of the IDAT Loader.
2分钟
研究
Why The External Attack Surface Matters: An analysis into APAC related threat activities
Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.
9分钟
研究
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Within Rapid7实验室 we continually track 和 monitor threat groups. 作为这个过程的一部分, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat 和 mouse.
19分钟
紧急威胁响应
CVE-2024-27198 和 CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 和 CVE-2024-27199, 这两个都是身份验证绕过.
3分钟
脆弱性管理
High-Risk Vulnerabilities in ConnectWise ScreenConnect
2月19日, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. 这两个漏洞都影响screenconnect23.9.7点及更早.
7分钟
事件响应
RCE到silver:来自战场的IR故事
Rapid7 事件响应 was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
2分钟
紧急威胁响应
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored 和 other motivated adversaries.
14分钟
Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware 和 LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.
2分钟
紧急威胁响应
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
1月22日, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
3分钟
紧急威胁响应
Critical CVEs in Outdated Versions of Atlassian Confluence 和 VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of
本周广泛部署的软件. Atlassian披露
[http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-和-confluence-server-1333990257.html]
CVE-2023-22527, a template injection vulnerability in Confluence Server with a
maxed-out CVSS score of 10, while VMware pushed a fresh update to its October
2023 vCenter服务器咨询
[http://www.vmwar
5分钟
脆弱性管理
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, 和 uses several evasion techniques such as reflective loading 和 injection before the stealer is loaded.
4分钟
Ransomware
2023年勒索软件统计:回顾未来计划
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, 和 how can we use them to plan for the year ahead?