2 min
Research
Rapid7 Releases the 2024 Attack Intelligence Report
Today, during our Take Command Summit, we released our 2024 Attack Intelligence
Report, which pulls in expertise from our researchers, our detection and
response teams, and our threat intelligence teams. The result is the clearest
picture yet of the expanding attack surface and the threats security
professionals face every day.
Since the end of 2020, we've seen a significant increase in zero-day
exploitation, ransomware attacks, and mass compromise incidents impacting many
organizations globally.
7 min
Research
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
In the first part of our blog series, we discussed how a Rust-based application was used to download and execute the IDAT Loader. In the second part of this series, we will provide analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
2 min
Research
Why The External Attack Surface Matters: An analysis into APAC related threat activities
Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.
9 min
Research
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
19 min
Emergent Threat Response
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7's vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.
3 min
Vulnerability Management
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024, ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
7 min
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 事件响应 was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
2 min
Emergent Threat Response
Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
14 min
Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, suggesting that it uses the leaked LockBit code. In addition, it uses some techniques similar to REvil ransomware.
2 min
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
3 min
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of
widely deployed software this week. Atlassian disclosed
[http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html]
CVE-2023-22527, a template injection vulnerability in Confluence Server with a
maxed-out CVSS score of 10, while VMware pushed a fresh update to its October
2023 vCenter Server advisory
[http://www.vmwar
5 min
Vulnerability Management
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users into downloading a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded.
4 min
Ransomware
2023 Ransomware Stats: A Look Back to Plan Ahead
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?
7 min
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.
3 min
Artificial Intelligence
We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead
Here at Rapid7 we've seen a whole lot of threats and exploited vulnerabilities in 2023, many of them in the form of zero-days. So it can be a little overwhelming to think about what could be in store for us in the year ahead.