3分钟
Metasploit
Metasploit每周总结2024年9月27日
史诗释放!
本周's release includes 5 new modules, 6 enhancements, 4 fixes 和 1
文档更新. Among the new additions, we have an account take over, SQL
注射、RCE和LPE! Thank you to all the contributors who made it possible!
新模块内容(5)
Cisco Smart Software 经理 (SSM) On-Prem Account Takeover (CVE-2024-20419)
Authors: Michael Heinzl 和 Mohammed Adel
类型:辅助
拉取请求:#19375
contribut
3分钟
紧急威胁响应
Multiple Vulnerabilities in Common Unix Printing System (CUPS)
Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.
4分钟
InsightCloudSec
Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 和 Azure DevOps
We recognize this critical need 和 have added new integration for InsightCloudSec (ICS) 和 接触命令 with Azure DevOps for Infrastructure as code (IaC) tooling, empowering organizations to quickly 和 effectively safeguard their attack surfaces.
4分钟
Forrester波
Rapid7 Recognized in Forrester’s 2024 攻击面管理 (ASM) Wave Report
本周, Rapid7 was recognized as a Contender in Forrester’s 2024 攻击面管理 (ASM) Wave report.
2分钟
Gartner
Three Recommendations for Creating a Risk-Based 检测和响应 Program
In a report released earlier this summer, Gartner analysts offer three recommendations for fostering an environment of risk-based threat detection, 调查, 和 response that includes a deeper underst和ing of your organization’s risk profile by more than just the security team.
2分钟
管理检测和响应(耐多药)
Exp和ing the Security Horizon: Introducing Rapid7 耐多药 for the Extended Ecosystem
Our Rapid7 MXDR service has always been built on InsightIDR, 我们的本地SIEM和XDR技术, operationalizing telemetry across the customer environment —endpoint, 云, 身份, 和网络.
2分钟
Metasploit
Metasploit每周总结- 2024年9月20日
新增模块内容(3)
update-motd.d持久性
作者:Julien Voisin
类型:利用
拉取请求:#19454
由jvoisin贡献
路径:linux /地方/ motd_persistence
Description: This adds a post module to keep persistence on a Linux target by
写月报
bash
script triggered with root privileges every time a user logs into the system
2分钟
紧急威胁响应
High-Risk Vulnerabilities in Common Enterprise Technologies
Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, 和Ivanti端点管理器(EPM). These CVEs are likely attack targets for APT 和/or financially motivated adversaries.
6分钟
攻击面安全
救命,我看不见! A Primer for 攻击面管理 博客 Series
在本系列中, we will explore the critical challenges 和 solutions associated with 攻击面管理 (ASM), a vital aspect of modern cybersecurity strategy.
3分钟
向量的命令
Rapid7 Introduces 向量的命令, a New Managed Service for 持续的红队
Rapid7 is delighted to announce the launch of 向量的命令, a continuous red teaming managed service designed to assess your external attack surface 和 identify gaps in the security defenses on an ongoing basis.
2分钟
Metasploit
Metasploit每周总结2024年9月13日
SPIP模块
本周 brings more modules targeting the SPIP publishing platform. SPIP已经
gained some attention from Metasploit community contributors recently 和 has
inspired some PHP payload 和 encoder improvements.
新增模块内容(2)
SPIP BigUp插件未经认证的RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, 和 Vozec
类型:利用
拉取请求:#19444
由Chocapikk贡献
帕特
4分钟
Gartner
The Growing Importance of 风险管理: Our Key Insights from Gartner® Hype Cycle™ for Security Operations, 2024
The Gartner® Hype Cycle™ for Security Operations, 《ladbrokes立博官网》于7月下旬出版, 和 is an interesting look at the dynamic nature of both the threat l和scape 和 the diverse range of technologies that security & risk management (SRM) professionals use to safeguard their organizations.
4分钟
实验室
Ransomware Groups Demystified: Lynx Ransomware
As part of our research 和 tracking of threats, Rapid7实验室 is actively monitoring new 和 upcoming threat groups 和 the ransomware domain is known for having a large number of them.
10分钟
星期二补丁
补丁星期二- 2024年9月
4零日. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT关键rce.
4分钟
InsightIDR
Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB 和 Enterprise
Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment.