Pierluigi Paganini May 14, 2021
Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for […]

Pierluigi Paganini August 14, 2017
Rapid7 warns of Remote Desktop Protocol (RDP) exposure for millions of endpoints

According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP). The researchers discovered that there are 11 million open 3389/TCP endpoints, and that 4.1 million of them are RDP. “We analyzed the responses, tallying any that appeared to be from RDP speaking […]

Pierluigi Paganini September 03, 2015
Hacking Baby Monitors is dramatically easy

Security researchers from Rapid7 security firm discovered a number of security vulnerabilities affecting several Video Baby Monitors. Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses. Rapid7 analyzed baby monitors from six vendors, ranging in price from $55 to $260 in order to […]

Pierluigi Paganini February 13, 2015
How to remotely install malicious apps on Android devices

Security researchers discovered how to install and launch malicious applications remotely on Android devices exploiting two flaws. Security researchers have uncovered a couple of vulnerabilities in the Google Play Store that could allow cyber criminals to install and launch malicious apps remotely on Android mobile devices. The expert Tod Beardsley, technical lead for the Metasploit […]

Pierluigi Paganini January 24, 2015
5800 Gas Station Tank Gauges vulnerable to cyber attacks

Rapid7 revealed that more than 5000 Automated tank gauges (ATGs) used to prevent fuel leaks at gas stations in US are vulnerable to remote cyber attacks. A recent research conducted by HD Moore of Rapid7 revealed a disconcerting truth, the Automated tank gauges (ATGs) used to prevent fuel leaks at more than 5,000 gas stations in […]

Pierluigi Paganini May 19, 2014
SNMP issues in many devices allow disclosure of data

Researchers at Rapid7 disclosed a series of vulnerabilities in many devices that allow data disclosure from the SNMP community string. Researchers at Rapid7 have discovered problems in SNMP on embedded devices which can can cause the exposure of critical information. As explained in the official blog post during the analysis the experts discovered devices which expose information that would […]

Pierluigi Paganini February 20, 2014
Released a Metasploit module to hack 70% Android devices

Rapid 7 has released the “exploit/android/browser/webview_addjavascriptinterface” module which allows attackers to remotely access on most Android devices. A bug in the Android WebView programming interface allows attackers to remotely access on most devices running the popular OS. But it does not end here, hackers could easily access handset camera and file system simply creating a specifically crafted web […]

Pierluigi Paganini January 30, 2013
Security flaws in Universal Plug and Play expose million devices

Rapid7 security firm has published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” in which reports the result of a research conducted in the second half of 2012 that evaluated the global exposure of UPnP-enabled network devices. Security world has become accustomed to so surprising data, over 80 million unique IPs were identified […]