Posts tagged Research

14 min Ransomware

Exploring the (Not So) Secret Code of Black Hunt Ransomware

In this analysis we examined the BlackHunt sample shared on X (formerly Twitter). During our analysis we found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware.

2 min Emergent Threat Response

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

3 min Emergent Threat Response

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [http://www.vmwar

5 min Vulnerability Management

Whispers of Atlantida: Safeguarding Your Digital Treasure

Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded.

4 min Ransomware

2023 Ransomware Stats: A Look Back To Plan Ahead

As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?

7 min Emergent Threat Response

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.

3 min Artificial Intelligence

We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead

Here at Rapid7 we’ve seen a whole lot of threats and exploited vulnerabilities in 2023, many in the form of zero days. So it can be a little overwhelming to think about what could be in store for us in the year ahead.

5 min Risk Management

Peeking into the crystal ball: What 2023 cyber threats told us about 2024

Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.

3 min IoT

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.

5 min Research

The Risks of Exposing DICOM Data to the Internet

DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.

8 min Research

Little Crumbs Can Lead To Giants

This blog offers a deep dive into the world of Shell Link files (LNK) and Virtual Hard Disk files (VHD).

6 min Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server [http://www.ipswitch.com/ftp-server], a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre

11 min Detection and Response

Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers

Rapid7 has observed the Fake Browser Update lure utilizing a sophisticated new loader to execute infostealers.

2 min Research

Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market

In Security Implications from Improper De-acquisition of Medical Infusion Pumps Rapid7 performs a physical and technical teardown of more than a dozen medical infusion pumps.

2 min Emergent Threat Response

CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile

CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.