2022-06-29 00:00   Application Security in 2022: Where Are We Now?    #rapid7 #security-articles When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.

2022-06-28 00:00   CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)    #rapid7 #security-articles The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.

2022-06-28 00:00   For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma    #rapid7 #security-articles When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.

2022-06-27 00:00   API Security: Best Practices for a Changing Attack Surface    #rapid7 #security-articles APIs have become a large part of the application attack surface, making API security a critical consideration.

2022-06-24 22:12   Velociraptor Version 0.6.5: Table Transformations, Multi-Lingual Support, and Better VQL Error-Handling Let You Dig Deeper Than Ever    #rapid7 #security-articles Rapid7 is pleased to announce the release of Velociraptor version 0.6.5 – an advanced, open-source digital forensics and incident response (DFIR) tool.

2022-06-24 00:00   Metasploit Weekly Wrap-Up    #rapid7 #security-articles Add Windows target support for the Confluence OGNL injection module: Improve the exploit/multi/http/atlassian_confluence_namespace_ognl_injection module to support Windows server targets. EfsPotato - 6th getsystem technique: This adds the EfsPotato technique to the getsystem command in meterpreter. Thene

2022-06-23 21:09   Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction    #rapid7 #security-articles A Forrester Consulting study commissioned by Rapid7 found our MDR service delivered an estimated 549% return on investment over 3 years.

2022-06-23 00:00   CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)    #rapid7 #security-articles A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.

2022-06-23 00:00   Two Rapid7 Solutions Take Top Honors at SC Awards Europe    #rapid7 #security-articles We are pleased to announce that two Rapid7 solutions were recognized on Tuesday, June 21, at the prestigious SC Awards Europe.

2022-06-22 23:10   How to Secure App Development in the Cloud, With Tips From Gartner    #rapid7 #security-articles New Gartner research highlights how to keep your cloud applications safe without resorting to a patchwork of overlapping tools and services.

2022-06-22 00:00   [Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence    #rapid7 #security-articles In this episode, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creator and founder.

2022-06-17 15:09   4 Strategies to Help Your Cybersecurity Budget Work Harder    #rapid7 #security-articles Cybersecurity is a growing concern for organisations across all industries, and budget requests are increasing as a result.

2022-06-17 00:00   Metasploit Weekly Wrap-Up    #rapid7 #security-articles vCenter Secret Extracter: Expanding on the work of the vcenter_forge_saml_token auxiliary module, community contributor npm-cesium137-io has added a new module for extracting the vmdir/vmafd certificates, the IdP keypair, the VMCA root cert, and anything from vmafd t

2022-06-16 21:09   New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers    #rapid7 #security-articles "Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.

2022-06-16 00:00   Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022    #rapid7 #security-articles Here's a closer look at what two Rapid7 presentations from RSAC 2022 had to say about security in a cloud-native world.