Displaying items by tag: Rapid7

GUEST OPINION Robin Long, Field CTO, Asia Pacific, Rapid7: As we mark World Cloud Security Day, it’s clear that while cloud adoption has revolutionised business operations, it has also introduced security-related risks.

Published in Security

Annual channel awards program honours Rapid7 partners’ excellence in cybersecurity product and services delivery, customer retention, and more

COMPANY NEWS: Rapid7, a leader in extended risk and threat detection, today announced the winners of its 2025 Partner of the Year Awards. Now in its 5th year, the annual awards program recognises both private and public sector partners for exceptional collaboration as well as their positive influence on customers’ security postures.

Published in Strategy

Reimagined partner program unifies the Rapid7 channel ecosystem to inspire and support partner growth

Extended risk and threat detection company Rapid7 has launched a new PACT Partner Program to equip partners with tools, training, and resources to meet the expanding security needs of customers in an “increasingly complex global threat landscape”.

Published in Strategy
Wednesday, 12 March 2025 11:07

March Patch Tuesday Reveals 57 vulnerabilities

GUEST OPINION: Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them.

Published in Security

Australian companies need to establish clear ransomware policies and improve their understanding of their attack surface to enhance their cyber security, says a visiting global expert.

Published in Security

Latest features designed to protect sensitive data across multi-cloud environments, drive effective prioritisation and accelerated remediation of exposures with AI-driven risk scoring and integrated asset context

Rapid7, a leader in extended risk and threat detection, today announced new innovations to its Exposure Management offering. These latest features further enhance the Rapid7 Command Platform, delivering unmatched attack surface visibility and unparalleled context. With this expanded offering, organisations now have continuous visibility into sensitive data stored across their multi-cloud environments paired with the context they need to prioritise and remediate exposures effectively.

Published in Security

GUEST OPINION: Rapid7 is investigating two separate events affecting Fortinet firewall customers:

  • Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.
  • A January 15, 2025, dark web post from a threat actor who looks to have published IPs, passwords, and configuration data from 15,000 FortiGate firewalls. The data leaked online appears to be several years old (2022). Rapid7 has not attributed any CVEs to the leaked data at this time.

Published in Guest Opinion
Thursday, 16 January 2025 12:10

January Patch Tuesday Reveals 161 Vulnerabilities

Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. It also sees the publication of nine critical remote code execution (RCE) vulnerabilities. Unusually, no browser vulnerabilities have yet been published this month.

Published in Guest Opinion

On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.

Published in Security

Leading cyber security solutions provider Rapid7 has provided its top three predictions for 2025. The Nasdaq-listed company with a global footprint had its Washington DC-based Vice President of Global Government Affairs and Public Partnerships, Sabeen Malik, and its UK-based Chief Scientist, Raj Samani, look into their crystal ball; these are their three predictions for 2025.

Published in Security
Saturday, 14 December 2024 09:50

December Patch Tuesday Reveals 70 vulnerabilities

GUEST OPINION: Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday, with evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry.

Published in Guest Opinion

Cybercrime shows no signs of abating, but the good news is you can have visibility across your network and sleep peacefully at night, according to Rapid7 chief product officer Craig Adams, who spoke with iTWire about the state of the industry.

Published in Security
Friday, 06 December 2024 11:20

Black Basta Ransomware Campaign Analysis

GUEST RESEARCH: Rapid7 published its analysis of the Black Basta ransomware campaign, having observed a resurgence of activity related to the ongoing social engineering campaign being conducted by the group.

Published in Software

Rapid7 MXDR delivers the context and coverage customers need to handle complex threats in AWS environments to take command of their attack surface

Published in Security

Latest expansion of Rapid7 MXDR helps customers maximise their security investments and gain comprehensive threat detection and response to take command of their attack surface

Published in Security

GUEST OPINION: The sale and purchase of unauthorised access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors.

Published in Guest Opinion

COMPANY NEWS: Rapid7, a leader in extended risk and threat detection, today announced that it has been positioned as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 (US52038824; September 2024).

Published in Company news

GUEST RESEARCH: Rapid7, a leader in extended risk and threat detection, today announced the release of its Ransomware Radar Report in conjunction with the company’s presence at Black Hat USA. The all-new research report provides a fresh perspective on the global ransomware threat by analysing, comparing, and contrasting attacker activity and techniques over an 18-month period ending 30 June 2024.

Published in Guest Research

COMPANY NEWS: Rapid7, a leader in extended risk and threat detection, today announced the launch of its Command Platform, a unified threat exposure, detection, and response platform. Rapid7’s AI-charged Command Platform allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud to close security gaps and prevent attacks.

Published in Company news

GUEST OPINION by Raj Samani, Chief Scientist, Rapid7: The “evolving threat landscape” is a term we often hear within webinars and presentations taking place across the cybersecurity industry. Such a catch-all term is intended to capture the litany of threat groups and their evolving tactics, but in many ways it fails to truly acknowledge the growth in their capabilities. This is particularly true of APT groups who have for years demonstrated a remarkable increase in their capabilities to remain undetected and carry out instructions from those orchestrating the broader campaigns under which they operate.

The latest research paper from Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group. It is published to serve as a learning on the evolving capabilities of a highly adept and industrious threat group, and, more importantly, to provide the necessary insights for supporting security teams in the implementation of defensive strategies.

Key insights to be found in this research include:

Targeting capabilities

The paper details Kimsuky’s delivery method as largely focused on email, but of course, a key component of this is determining who to target and what the most effective lure is likely to be.

Historically, this threat group has been particularly successful at the latter with considerable time and expense taken to identify “individuals” on whom their attention should be focused.

It is all too easy to shrug and comment on the need for security awareness as the panacea control to prevent all such initial entry vectors. The reality is that we all remain susceptible, given the right hook. And the ability of this threat group to target and compromise individuals around the globe reveals an alarming level of capability to elicit a response from victims.

Evolving technical capabilities

As detailed earlier this year, we are seeing technical innovation born of the need to evade security controls within the victim environment. In this instance we detail the use of .LNK file payloads derived from an LNK builder proof of concept. This, however, is just the tip of the iceberg, with many other payloads delivered using alternate methods.

What this reveals — with a very high degree of confidence — is that there is an element of continual tooling improvement. Much like the component of this group dedicated to strong OSINT (as above), there is likely a subset of the group dedicated to technical innovation as a means to evade detection.
This allows the group to develop an arsenal of malware, for example, that can be used at will; but more importantly, it can be built upon and developed as defensive techniques improve.

Always on the move

The historic dependency upon reputation as a vehicle to identify malicious infrastructure is fast becoming less than effective. Politely put — and as demonstrated within the paper — we see Kimsuky establish infrastructure across the globe but quickly leverage new domains as needed. This is just another example of how this group understands and develops the ability to move quickly as it identifies new targets.

Finally, the publication provides tactical, actionable insights into the defensive measures that can be taken. For example, full details of coverage are included within the paper, as well as the persistence measures undertaken by the threat actor, which are a critical indicator of compromise during retroactive threat hunts. All TTPs detailed within the paper are also incorporated into detection coverage across the Rapid7 portfolio.

Published in Guest Research