ASUS RS720-E12-RS8G 2U Intel Xeon 6 Server Review

Post Syndicated from Patrick Kennedy original https://www.servethehome.com/asus-rs720-e12-rs8g-2u-intel-xeon-server-nvidia-review/

In our ASUS RS720-E12-RS8G review, we see how this 2U server handles Intel Xeon 6 processors and up to ten expansion cards, including multiple NVIDIA H100 NVL GPUs.

The post ASUS RS720-E12-RS8G 2U Intel Xeon 6 Server Review appeared first on ServeTheHome.

Setting the Record Straight

Post Syndicated from Backblaze original https://www.backblaze.com/blog/setting-the-record-straight/

Recently, a short seller made claims about Backblaze that were factually inaccurate, misleading, and filled with errors.

Short sellers frequently spread false or misleading information to manipulate a company’s stock price for their personal financial gain at the expense of other stockholders. Nevertheless, we want to set the record straight. 

Whether you’re a Backblaze customer, investor, or you’re just getting to know us, here’s what you need to know:

The short seller largely rehashed baseless claims made by two disgruntled former employees last year.

  • Out of an abundance of caution, and following industry best practices, our Audit Committee hired an independent third-party law firm and forensic accounting firm, which confirmed there was no wrongdoing or issues with Backblaze’s public financial results. Since then, we have publicly filed two annual financial statements, which were fully audited and which are available on the SEC EDGAR site.

In an effort to enrich themselves, the short seller questioned the health of Backblaze.

  • We have never been stronger. As reported in our last earnings call, we continue to demonstrate financial strength. Our revenue is over $127 million per year and growing. Our balance sheet is strong with over $50 million in cash and short-term investments as of December 31, 2024.
  • Wall Street analysts report that the company is strong. For example, a respected analyst who has closely watched Backblaze since the IPO in November 2021 released an analysis of Backblaze after the short seller report was published. TipRanks, summarizing the report, finds the short seller claims to be unsubstantiated.

The short seller tried to push some other false narratives about Backblaze. Here are the facts:

  • Your data is safe. We have successfully safeguarded customer data for more than 17 years, and continue to focus on delivering reliable, high-performance cloud solutions for our customers.  
  • Leading cloud storage provider. We are driving business growth by providing high value to customers. We have a track record of customer success stories that highlight how we help them improve performance, reduce costs, and transition to us from competitors, unlocking efficiencies in the process. 
  • Continued innovation. We continue to innovate to best serve the needs of our customers. We recently announced B2 Overdrive, a high-performance offering designed to power customers’ massive AI needs, as well as Event Notifications, Live Read, and Scalable Application Keys, amongst others.

If you want to hear more about how we’re doing and what we’re working on, check out our investor relations section.

The post Setting the Record Straight appeared first on Backblaze Blog | Cloud Storage & Cloud Backup

Metasploit Wrap-Up 05/02/2025

Post Syndicated from Spencer McIntyre original https://blog.rapid7.com/2025/05/02/metasploit-wrap-up-114/

Meterpreter Extended API Clipboard Monitoring

Security is hard, and Open Source Security is a collaborative effort. This week, Metasploit released a fix for a vulnerability that was privately disclosed to us by long-time community member bcoles. The vulnerability in question impacted Metasploit users who were using the clipboard monitoring functionality contained within the extended-API Meterpreter extension (extapi). After a user enables monitoring, they would typically run clipboard_monitor_stop or clipboard_monitor_dump to retrieve information from the compromised host. The vulnerability existed in Metasploit’s handling of files that may be present in the remote host’s clipboard. When files were downloaded, they would, by default, be written to the current working directory and would overwrite any existing files.

An attacker could leverage this by placing a malicious file into their clipboard and waiting for the Metasploit operator to download it, then execute it. As an example, an attacker may assume that the Metasploit operator is running Metasploit from the current working directory of Metasploit itself. In that case, they could have a malicious Ruby file named msfconsole in their clipboard. When the Metasploit operator dumps the contents of the remote clipboard, their local copy of msfconsole would be overwritten and then executed the next time they started Metasploit. It should be noted that the file that is written to is printed in the command’s output, but may be ignored by the user.

Now with the changes introduced in #19938, the extapi’s clipboard monitoring commands have been updated to make this significantly more difficult. Two primary changes were made. Metasploit now requires the user to specify the directory that file contents should be written to. Additionally, files will not be overwritten automatically. In order to overwrite an existing file, the user must specify the --force argument. If a file would be or is overwritten, it will be noted in the output:

meterpreter > clipboard_monitor_dump -d test_dir --force -p
Files captured at 2025-04-01 19:11:30.0503
==========================================
Remote Path : C:\Users\smcintyre\Desktop\hello-world.txt
File size   : 11 bytes
Downloading : C:\Users\smcintyre\Desktop\hello-world.txt -> /home/smcintyre/Repositories/metasploit-framework.pr/test_dir/hello-world.txt
Downloaded 11.00 B of 11.00 B (100.0%) : C:\Users\smcintyre\Desktop\hello-world.txt -> /home/smcintyre/Repositories/metasploit-framework.pr/test_dir/hello-world.txt
Completed   : Overwrote existing file /home/smcintyre/Repositories/metasploit-framework.pr/test_dir/hello-world.txt
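
The two safeguards described above, as an added Ruby example (not Metasploit's code and not the change made in #19938): an explicit destination directory and no overwrite unless forced. The helper name save_remote_file and its return hash are hypothetical, and reducing the remote path to its final component goes slightly beyond what the post describes.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical helper, not Metasploit's code: store data whose file name was
# chosen by the remote host, inside an operator-chosen directory only.
def save_remote_file(remote_path, data, dest_dir, force: false)
  # Change 1 from the post: the operator must name the destination directory.
  raise ArgumentError, 'destination directory is required' if dest_dir.to_s.empty?

  # Keep only the last path component; remote paths may use "\" or "/".
  name = remote_path.to_s.split(%r{[\\/]}).last.to_s
  raise ArgumentError, "unusable file name: #{remote_path.inspect}" if ['', '.', '..'].include?(name)

  FileUtils.mkdir_p(dest_dir)
  local = File.join(File.realpath(dest_dir), name)
  existed = File.exist?(local) # used for reporting only

  # Change 2: without force, O_EXCL makes the open fail if the file exists,
  # so the existence check and the create are a single atomic step.
  flags = File::WRONLY | File::CREAT | (force ? File::TRUNC : File::EXCL)
  begin
    File.open(local, flags, 0o600) do |f|
      f.binmode
      f.write(data)
    end
  rescue Errno::EEXIST
    return { path: local, status: :skipped_exists }
  end
  { path: local, status: existed ? :overwrote : :created }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Constructed sample: a remote clipboard entry named like a local tool.
    remote = 'C:\\Users\\victim\\Desktop\\msfconsole'
    p save_remote_file(remote, "puts 'first'", File.join(dir, 'loot'))
    p save_remote_file(remote, "puts 'second'", File.join(dir, 'loot'))
    p save_remote_file(remote, "puts 'third'", File.join(dir, 'loot'), force: true)
  end
end
```

The second call leaves the first file untouched and reports it as skipped; only the call with force: true replaces it, and the result says so.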

The Metasploit team would like to thank bcoles for bringing this issue to our attention. We have assigned it CVE-2025-3095 and evaluated it with a CVSS score of 5.0 / Medium (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P). This vulnerability was fixed in Metasploit version 6.4.60, released on April 30th, 2025.

New module content (2)

LDAP Password Disclosure

Authors: Hynek Petrak, Spencer McIntyre, Thomas Seigneuret, and Tyler Booth
Type: Auxiliary
Pull request: #20017 contributed by zeroSteiner
Path: gather/ldap_passwords

Description: This updates and renames the ldap_hashdump module to ldap_passwords, extending its functionality to extract secrets used by LAPSv1 and LAPSv2 in Active Directory environments, alongside existing LDAP implementations. It simplifies usage by unifying techniques under one module and avoids requiring users to fingerprint the server type. Associated tests were also updated to include AD-specific data using Samba as a test LDAP server.

WonderCMS Remote Code Execution

Authors: Milad "Ex3ptionaL" Karimi and msutovsky-r7
Type: Exploit
Pull request: #20081 contributed by msutovsky-r7
Path: multi/http/wondercms_rce
AttackerKB reference: CVE-2023-41425

Description: Adds a new module “exploit/multi/http/wondercms_rce” which exploits CVE-2023-41425 – a file upload vulnerability. The module authenticates against the vulnerable WonderCMS instance using a given password and then creates a zip file containing a malicious PHP file. The module then uploads the zip file, which is automatically extracted into the /themes directory and executed by the application.

Enhancements and features (1)

  • #20110 from bcoles – Improves code quality, metadata, and fixes some edge-case bugs within the modules/post/osx modules.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
