4 min
IoT
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.
3 min
Managed XDR
Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR
With Rapid7’s Managed Extended Detection and Response (MXDR) service, organizations can confidently scale their cloud investments without sacrificing the comprehensive coverage they’re familiar with today.
4 min
Artificial Intelligence
Why Cybercriminals Are Not Necessarily Embracing AI
The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks.
2 min
Metasploit
Metasploit Weekly Wrap-Up 11/29/2024
Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176
9 min
Research
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.
3 min
Metasploit
Metasploit Weekly Wrap-Up 11/22/2024
JetBrains TeamCity Login Scanner
Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. TeamCity has been the subject of multiple ETR vulnerabilities and is a valuable target for attackers.
Targeted DCSync added to Windows Secrets Dump
This week, Metasploit community member smashery
7 min
Malware
A Bag of RATs: VenomRAT vs. AsyncRAT
Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT.
3 min
Vulnerability Disclosure
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.
2 min
AWS
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure.
2 min
Career Development
Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards
On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being.
3 min
Exposure Command
Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub
Rapid7’s Remediation Hub is our newest addition to the Exposure Command platform. Remediation Hub automatically prioritizes various risk signals across your hybrid environment and suggests the actions your team can take that would have the largest impact on reducing your overall risk posture.
2 min
Security Operations (SOC)
Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products
With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for organizations to layer security defenses and amplify outcomes.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-9464, is an authenticated OS command injection. The module makes use of both vulnerabilities in order to obtain unauthenticated RCE in the context of the user www-data.
New module content (1)
Palo Alto Expe
4 min
InsightIDR
New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations
Rapid7’s InsightIDR, the foundation of our Managed Detection and Response (MDR) service, empowers security teams with advanced analytics, automation, and expert-led investigations.
3 min
Emergent Threat Response
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.