FISA

Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted. Source: Rapid7 Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it. What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...

  Rapid7 has patched a critical  SQL injection  vulnerability in Nexpose, its on-premises vulnerability management software. The flaw, which has a CVSS rating of 9.8, arose because valid search operators were not defined, according to the  CVE description  for the bug, which is tracked as CVE-2022-0757. Consequently, attackers can inject SQL code after manipulating the ‘ALL’ or ‘ANY’ filter query operators in the SearchCriteria. This issue affects all versions of Nexpose – alternately known as Security Console – up to and including 6.6.128. XSS in the mix Rapid7, a Massachusetts-based cybersecurity firm, addressed the issue in Nexpose version  6.6.129 , released March 2. The latest version also includes support for TLS 1.3 services, an added vulnerability check for Log4j, and additional Metasploit-based vulnerability coverage. The Nexpose  vulnerability scanner  also contained a medium severity  cross-site scripting  (XSS) flaw. Residing...

Rapid7 is tracking reports of ongoing exploitation of   CVE-2023-28771 , a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network (WAN) interface, which is intended to be exposed to the internet. A VPN does not need to be configured on a device for it to be vulnerable. Successful exploitation of CVE-2023-28771 allows an unauthenticated attacker to execute code remotely on the target system by sending a specially crafted IKEv2 packet to UDP port 500 on the device. Zyxel released an advisory  for CVE-2023-28771 on April 25, 2023. On May 19, Rapid7 researchers published a  technical analysis  of the vulnerability on AttackerKB, underscoring the likelihood of exploitation. As of May 19, there were at least  42,000 instances  of Zyxel devices on the public internet. However, as Rapid7 researche...