Hacker News
- CVE-2024-4978: Backdoored Court Conference App JAVS Apparent Supply Chain Attack https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ 0 comments
- JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (Fixed) https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/ 8 comments
- Widespread exploitation of critical remote code execution in Apache Log4j https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/ 91 comments
- Metasploit Framework 6.4 Released https://www.rapid7.com/blog/post/2024/03/25/metasploit-framework-6-4-released/ 3 comments
netsec
- Rapid7 Vulnerability Intelligence Report Webcast - today at 11am PDT / 2pm EDT https://www.rapid7.com/about/events-webcasts/2023/2022-vulnerability-intelligence-report-webcast/ 6 comments
- Root RCE via CSRF (and other vulns) in F5 Big-IP devices [my original research] https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/ 5 comments
sysadmin
- Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) CVE-2022-42889 - Critical 9.8 https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/ 5 comments
netsec
- Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/ 6 comments
- Zyxel Firewall Unauthenticated Command Inject (CVE-2022-30525) https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ 7 comments
- Under the Hoodie 2019: Security Lessons Learned from 180 Pen Tests | Rapid7 https://www.rapid7.com/research/report/under-the-hoodie-2019/ 32 comments
- Java Serialization: A Practical Exploitation Guide https://www.rapid7.com/research/report/exploiting-jsos/ 16 comments
- UNDER THE HOODIE: Lessons from a Season of Penetration Testing (2018) https://www.rapid7.com/globalassets/_pdfs/research/rapid7-under-the-hoodie-2018-research-report.pdf 16 comments
- Rapid7 marketer explains penetration testing [hilarious] http://www.rapid7.com/resources/videos/penetration-testing.jsp 15 comments
- Rapid 7 Releases ScanNow, MySQL Authentication Bypass Flaw Scanner (CVE-2012-2122) http://www.rapid7.com/free-security-software-downloads/mysql-vulnerability-scanner-cve-2012-2122.jsp 6 comments
Linking pages
- Oracle: 'We Have to Fix Java' | eSecurity Planet http://www.esecurityplanet.com/network-security/oracle-we-have-to-fix-java.html 106 comments
- New – EC2 M6g Instances, powered by AWS Graviton2 | AWS News Blog https://aws.amazon.com/blogs/aws/new-m6g-ec2-instances-powered-by-arm-based-aws-graviton2/ 102 comments
- Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles - The Citizen Lab https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ 65 comments
- GitHub - swagger-api/swagger-codegen: swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. https://github.com/swagger-api/swagger-codegen 46 comments
- Apple is having its Microsoft moment http://money.cnn.com/2015/06/05/technology/apple-bugs/index.html 34 comments
- Amazon Simple Queue Service (SQS) – 15 Years and Still Queueing! | AWS News Blog https://aws.amazon.com/blogs/aws/amazon-sqs-15-years-and-still-queueing/ 27 comments
- 3 Months of Meterpreter · OJ Reeves http://buffered.io/posts/3-months-of-meterpreter/ 22 comments
- FinSpy Software Is Tracking Political Dissidents - The New York Times http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html 19 comments
- Xfinity's Security System Flaws Open Homes to Thieves | WIRED http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/ 17 comments
- Unbelievable: Top Ten Hacked LinkedIn Passwords http://www.forbes.com/sites/anthonykosner/2012/06/11/unbelievable-top-10-hacked-linkedin-passwords/ 17 comments
- Google cuts back on Android security fixes - BBC News http://www.bbc.co.uk/news/technology-30795253 15 comments
- Continued Meterpreter Development · OJ Reeves http://buffered.io/posts/continued-meterpreter-development/ 9 comments
- Power plants put at risk by security bugs - BBC News http://www.bbc.com/news/technology-26881970 9 comments
- Microsoft to patch critical Internet Explorer 9 vulnerability next week - The Verge http://www.theverge.com/2012/7/6/3140742/microsoft-patch-tuesday-july-2012-ie9-critical-fix 8 comments
- Web attacks build on Shellshock bug - BBC News http://www.bbc.co.uk/news/technology-29375636 8 comments
- 64bit Pointer Truncation in Meterpreter · OJ Reeves http://buffered.io/posts/64bit-pointer-truncation-in-meterpreter/ 6 comments
- Rapid7 Expands Its Support Of Open Source Security Projects | Network World http://www.networkworld.com/community/node/75575 3 comments
- Hackers could use your smart home devices to launch web attacks http://finance.yahoo.com/news/smart-home-devices-hacked-190459032.html 2 comments
- TGB 2016: Why Rapid7 Is Shutting Down Its Offices for Tech Gives Back — TUGG http://tugg.org/news/2016/9/14/tgb-2016-why-rapid7-is-shutting-down-its-offices-for-tech-gives-back 1 comment
- Amnesia:33 IoT flaws dangerous and patches unlikely, say experts | Computer Weekly https://www.computerweekly.com/news/252493386/Amnesia33-IoT-flaws-dangerous-and-patches-unlikely-say-experts 1 comment