Articles about rapid7

Shutterstock door knocker

Swiss banking software has Swiss cheese security, says Rapid7

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …
Dog and fence, mage via Shutterstock

VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

Messaging provider Fuze has resolved a trio of vulnerabilities in its TPN Handset Portal. The access controls and authentication flaws, discovered by security tools firm Rapid7, created a means for hackers to obtain personal data about Fuze users ranging from phone numbers to email addresses and access credentials. Once …
John Leyden, 23 Aug 2017
The big fish eats the little fish

Rapid7 slurps security orchestration biz Komand

Rapid7 is the latest vendor to jump on the orchestration and automation bandwagon, announcing it's buying upstart outfit Komand to plump out its range. Privately-held Komand came to life in was founded in 2015, pitching what it describes as “an orchestration layer for security tools and processes”. It received a round of …
Road at night image via Shutterstock

Network Management Systems are a 'treasure map' for hackers

Network Management Systems are far more easily attacked than previously reckoned, according to new research by Rapid7. The firm behind the popular Metasploit penetration testing tool warns that vulnerabilities in systems used to manage network elements (routers, servers, printers and more) offers attackers a “treasure map” of …
John Leyden, 7 Sep 2016
shimmer

Forget card skimmers, chip-card shimmers will be your next nightmare

Black Hat America's belated move to EMV (Europay, MasterCard and Visa) chip-equipped cards won't be the panacea some had hoped. As it turns out, the cards are just as easy to clone as their magnetic stripe predecessors. At the Black Hat 2016 security conference in Las Vegas this week, engineers from Rapid7 demonstrated how a few small …
Iain Thomson, 3 Aug 2016

Osram's Lightify smart bulbs blow a security fuse – isn't anything code audited anymore?

Nine security holes, four of them still unpatched, have been found in the Osram smart light bulb system, potentially giving attackers access to a home or corporate network. The issues in the Lightify Home and Pro systems range from cross-site scripting (XSS) to problems with the ZigBee and SSL protocols to insecure encryption …
Kieren McCarthy, 27 Jul 2016
Chinese fence

Millions of 'must be firewalled' services are open to the entire internet – research

Millions of services that ought to be restricted are exposed on the open internet, creating a huge risk of hacker attack against databases and more. Infosec firm Rapid7’s researchers took a close look at the millions and millions of individual services that live on the public IP network, one of the most fundamental components …
John Leyden, 8 Jun 2016

HD Moore exiting Rapid7 for VC-land

HD Moore, the security researcher and hacker whose accomplishments include the Metasploit Framework, the Critical.IO scanning project and a bunch of critical vulnerability discoveries as chief technology officer of Rapid7, has succumbed to the siren song of venture capital. In this post at Rapid7, he's announced that he's …
Drop bears: Australia's most deadly creature

Advantech authentication forgets the authentication part

Advantech's EKI series of Modbus-to-TCP/IP gateways have a critical authentication bug, according to HD Moore of Rapid7. Back in December, Moore made a bunch of disclosures about the same product (including Shellshock and Heartbleed exposure). His latest discovery is that the EKI's Dropbear SSH daemon isn't authenticating …

How to log into any backdoored Juniper firewall – hard-coded password published

The access-all-areas backdoor password hidden in some Juniper Networks' Netscreen firewalls has been published. Last week it was revealed that some builds of the devices' ScreenOS firmware suffer from two severe security weaknesses: one allows devices to be commandeered over SSH and Telnet, and the other allows encrypted VPN …
Iain Thomson, 21 Dec 2015

Rapid7 inhales cloudy machine data search firm Logentries

Rapid7 has bought cloud-based machine data search and log company Logentries for $68m in cash and equity, allowing Rapid7 to add that functionality to its widely used penetration testing tool Metasploit. Adding disruptive log management and efficient, fast search will give corporate security teams the ability to deeply …
John Leyden, 14 Oct 2015
malware_security_648

HP perfomance monitor can climb through Windows

Rapid7 is advising HP SiteScope users to run the tool on Linux rather than Windows servers because of a nasty privilege escalation vulnerability. The agentless monitoring environment that headlines HP's operational management offerings lets authenticated users run commands with system privilege, the security bods explain. The …

IoT baby monitors STILL revealing live streams of sleeping kids

Internet-connected baby monitors are riddled with security flaws that could broadcast live footage of your sleeping children to the world and his dog, according to new research. Mark Stanislav, a security researcher at Rapid7, discovered numerous security weaknesses and design flaws after evaluating nine different devices from …
John Leyden, 3 Sep 2015
Toshiba Betamax and VHS video recorder ad

HACKERS can DELETE SURVEILLANCE DVRS remotely – report

Updated DVR systems from Hikvision have vulnerabilities that open the door to hacking, security researchers have warned. Digital Video Recorders (AKA Network Video Recorders), such as those from the likes of Hikvision, are used to record surveillance footage of office buildings and surrounding areas. However, the range of …
John Leyden, 21 Nov 2014
Qualcomm Atheros hybrid network

Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?

Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings. The networking devices are, we're told, commonly misconfigured to allow remote attackers to reprogram how network traffic flows to PCs, servers, tablets and other machines …
John Leyden, 22 Oct 2014

THREE QUARTERS of Android mobes open to web page spy bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites. The exploit targets vulnerability (CVE-2014-6041) in Android versions 4.2.1 and below and was disclosed without fanfare on 1 September, but had since gathered dust, …
Darren Pauli, 16 Sep 2014

Enterprise giant SAP's systems take a probe to the wobbly bits - report

At least 3,000 SAP systems are directly exposed to the internet, providing direct access to core corporate systems for potential attackers, according to a penetration-testing firm. Rapid7, the firm behind the Metasploit penetration-testing tool, carried out the scanning exercise in the wake of the discovery of a banking Trojan …
John Leyden, 13 Nov 2013
bug on keyboard

IPMI in Supermicro servers vulnerable says HD Moore

Metasploit's HD Moore is gnawing at the security of the The Intelligent Platform Management Interface (IPMI) again, this time zeroing in on the firmware implementation from vendor Supermicro. Moore had looked at IPMI in general in July, at which time he pointed to vulnerabilities in Supermicro's uPNP implementation. His …

Create a news alert about rapid7, or find more stories about rapid7.

Biting the hand that feeds IT © 1998–2018