10 min
Supply Chain Security
Securing the Supply Chain: Lessons Learned from the Codecov Compromise
This blog post is meant to provide the security community with defensive knowledge and techniques to protect against supply chain attacks involving continuous integration (CI) systems
4 min
Vulnerability Disclosure
The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained
TL;DR
This week a vulnerability was disclosed, which could result in sensitive data
being leaked from websites using Cloudflare's proxy services. The vulnerability
- referred to as "Cloudbleed" - does not affect Rapid7's solutions/services.
This is a serious security issue, but it's not a catastrophe. Out of an
abundance of caution, we recommend you reset your passwords, starting with your
most important accounts (especially admin accounts). A reasonable dose of
skepticism and prudence will go
2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and
MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi