Posts by Jen Ellis

4 min Ransomware

A Year on from the Ransomware Task Force Report

We're marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations to deter and respond to ransomware attacks.

4 min Russia-Ukraine Conflict

The Digital Citizen’s Guide to Navigating Cyber Conflict

In this post, we provide advice for non-security-pro digital citizens to protect themselves and, by extension, help protect their organizations.

10 min Ransomware

Ransomware: Is Critical Infrastructure in the Clear?

Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?

10 min Public Policy

Reforming the UK’s Computer Misuse Act

The CMA is the UK’s anti-hacking law, and we've provided feedback on the issues we see with the legislation.

11 min Public Policy

Hack Back Is Still Wack

The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.

7 min Ransomware

The Ransomware Task Force: A New Approach to Fighting Ransomware

The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.

3 min Ransomware

Decrypter FOMO No Mo’: Five Years of the No More Ransom Project

The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it.

6 min Public Policy

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.

8 min Public Policy

The IoT Cybersecurity Improvement Act of 2019

In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.

4 min Linux

Patching CVE-2017-7494 in Samba: It's the Circle of Life

With the scent of scorched internet still lingering in the air from the WannaCry Ransomworm [https://www.rapid7.com/blog/post/2017/05/12/wanna-decryptor-wncry-ransomware-explained/], today we see a new scary-and-potentially-incendiary bug hitting the Twitter news. The vulnerability - CVE-2017-7494 - affects versions 3.5 (released March 1, 2010) and onwards of Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems. We strongly recommend that s

6 min Government

Vulnerability Disclosure and Handling Surveys - Really, What's the Point?

Maybe I'm being cynical, but I feel like that may well be the thought that a lot of people have when they hear about two surveys posted online this week to investigate perspectives on vulnerability disclosure and handling. Yet despite my natural cynicism, I believe these surveys are a valuable and important step towards understanding the real status quo around vulnerability disclosure and handling so the actions taken to drive adoption of best practices will be more likely to have impact. Hopef

3 min Haxmas

12 Days of HaXmas: Rapid7 Gives to You... Free Professional Media Training (Pear Tree Not Included)

Ho ho ho, Merry HaXmas [/tag/haxmas/]! For those of you new to this series, every year we mark the 12 days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year we're kicking the series off with something not altogether hackery, but it's a gift, see, so very appropriate for the season. For the past couple of years, I've provided free media training at various security conferences, often as part of an I Am The Cavalry [https://www.iamthecavalry.org/] track,

5 min Public Policy

New DMCA Exemption is a Positive Step for Security Researchers

Today the Library of Congress officially publishes its rule-making for the latest round of exemption requests for the Digital Millennium Copyright Act (DMCA). The advance notice of its findings [https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-27212.pdf] revealed some good news for security researchers as the rule-making includes a new exemption to the DMCA for security research: “(i) Computer programs, where the circumvention is undertaken on a lawfully acquired device or

1 min Legal

Rapid7's Comments on the Wassenaar Arrangement Proposed Rule

For the past two months, the Department of Commerce's Bureau of Industry and Security (BIS) has been running a public consultation to solicit feedback on its proposal for implementing export controls for intrusion software under the Wassenaar Arrangement. You can read about the proposal and Rapid7's initial thoughts here [/2015/06/13/response-to-the-us-proposal-for-implementing-the-wassenaar-arrangement-export-controls-for-intrusion-software]. The consultation window closed on Monday, July 20th

8 min Metasploit

Wassenaar Arrangement - Frequently Asked Questions

The purpose of this post is to help answer questions about the Wassenaar Arrangement. You can find the US proposal for implementing the Arrangement here [https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-11642.pdf], and an accompanying FAQ from the Bureau of Industry and Security (BIS) here [http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200]. For Rapid7's take on Wassenaar, and information on the comments we intend to submit to BIS, please read this companion pie