5 min
Career Development
Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech
As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals.
8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and
CyberPanel along with two modules to change password through LDAP and SMB
protocol.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671
contributed
4 min
Cybersecurity
Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar
Hosted by industry heavy hitter Brian Honan, CEO of BH Consulting, the webinar brought together Rapid7 security and policy experts Raj Samani, Chief Scientist, and Sabeen Malik, VP of Global Government Affairs and Public Policy.
10 min
Malware
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR team discovered a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload.
8 min
Patch Tuesday
Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
6 min
Emergent Threat Response
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating
reports of in-the-wild exploitation targeting Cleo file transfer software. Late
the evening of December 9, security firm Huntress published a blog
on active exploitation of three different Cleo products (docs):
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release
This week's release is an impressive one. It adds 9 new modules, which will get
you remote code execution on products such as Ivanti Connect Secure, VMware
vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It
also includes an account takeover on WordPress, a local privilege escalation on
Windows and an X11 keylogger module. Finally, this release improves the
fingerprinting logic for the TeamCity login module and adds instructions about
the in
3 min
Exposure Command
Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command
With purpose-built harvesting technology providing real-time visibility into everything running across multi-cloud environments, Exposure Command from Rapid7 ensures teams have an up-to-date inventory, mapping their cloud attack surface and enriching asset data with risk and business context.
18 min
Incident Response
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.
4 min
IoT
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.
3 min
Managed XDR
Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR
With Rapid7’s Managed Extended Detection and Response (MXDR) service, organizations can confidently scale their cloud investments without sacrificing the comprehensive coverage they’re familiar with today.
4 min
Artificial Intelligence
Why Cybercriminals Are Not Necessarily Embracing AI
The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks.
2 min
Metasploit
Metasploit Weekly Wrap-Up 11/29/2024
Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176
9 min
Research
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.