Ransomware
Exploring the (Not So) Secret Code of Black Hunt Ransomware
In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggests that it is built on leaked LockBit code. In addition, it uses some techniques similar to those of REvil ransomware.
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [http://www.vmwar
Vulnerability Management
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users into downloading a malicious file from a compromised website, and uses several evasion techniques, such as reflective loading and injection, before the stealer itself is loaded.
Ransomware
2023 Ransomware Stats: A Look Back To Plan Ahead
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.
Artificial Intelligence
We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead
Here at Rapid7 we’ve seen a whole lot of threats and exploited vulnerabilities in 2023, many in the form of zero days. So it can be a little overwhelming to think about what could be in store for us in the year ahead.
Risk Management
Peeking into the crystal ball: What 2023 cyber threats told us about 2024
Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.
IoT
Is That Smart Home Technology Secure? Here’s How You Can Find Out.
I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.
Research
The Risks of Exposing DICOM Data to the Internet
DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.
Research
Little Crumbs Can Lead To Giants
This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).
Emergent Threat Response
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server [http://www.ipswitch.com/ftp-server], a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre
Detection and Response
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.
Research
Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market
In "Security Implications from Improper De-acquisition of Medical Infusion Pumps," Rapid7 performs a physical and technical teardown of more than a dozen medical infusion pumps.
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.