Posts

Rapid 7 - Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)

In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner for this feature, Rapid7’s Exposure Command now extends its capabilities even further, helping organizations set precise, scalable guardrails within their AWS environments.

The need for strong guardrails in the cloud

Cloud platforms like AWS have transformed business agility by enabling rapid development, fast deployments, and real-time scalability. Yet, as organizations increase their reliance on cloud infrastructure, they face a heightened risk landscape. Rapid development cycles and AI-driven cloud services often result in more identities, permissions, and resources—all of which can lead to excessive access and increased risk. The need for stringent guardrails has never been more

The Hacker News - Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple from The Hacker News https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html

The Hacker News - Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that from The Hacker News https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html

The Hacker News - China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications from The Hacker News https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html

The Hacker News - Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network from The Hacker News https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html

Rapid 7 - Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards

On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse, multi-faceted teams. By supporting our people with programs that enhance their well-being and quality of life, we create an environment where they can continue to have rewarding career experiences and make an incredible impact on our business. Our programs go beyond just taking care of people when they are sick. Instead, we look to increase their overall quality of life with unique initiatives and offerings that support both physical and mental health and wellness. Our award submission was broken down into three key areas where we offer unique benefits that make us leaders in our field. These areas included benefit offerings, physical health and well-being, and mental health and well-being. Be

Rapid 7 - Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub

As organizations continue to scale their digital infrastructure, the volume of vulnerabilities and exposures grows at an overwhelming pace. Security teams often find themselves inundated with alerts and risk signals, unable to remediate every issue within their environment. They often struggle to keep pace with the dynamic nature of threats, and existing tools were not built to address the complexity of modern IT environments. With limited time and resources, trying to address every potential vulnerability is not feasible. This reality has driven the need for prioritization—teams must focus on the vulnerabilities that present the highest risks to their organization, based on factors like attacker behaviors, real-world threat intelligence, and exploitability.

Meet Remediation Hub, Your New Home for Exposure Prioritization and Remediation

Rapid7’s Remediation Hub, our newest addition to the Exposure Command platform, is designed to address this exact challenge. Remediation Hub auto