2 min
Vulnerability Management
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
In this blog, we discuss everything you need to know about CVE-2020-0601, the Windows CryptoAPI spoofing vulnerability.
4 min
InsightVM
How to Define and Communicate Vulnerability Risk Across Your Company
In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.
2 min
#Rapid7GivesBack Month: Moose That Drive Impact Together
At Rapid7, we are committed to giving back to the community and making an impact together through #Rapid7GivesBack month.
1 min
Security Strategy
How to Easily Schedule a Meeting with Rapid7 Support
Rapid7 is pleased to announce that you can now schedule a meeting with your Support Engineer with the click of a button.
2 min
Penetration Testing
This One Time on a Pen Test: Your Mouse Is My Keyboard
In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.
3 min
Incident Detection
How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
4 min
InsightConnect
How Rapid7’s Orchestration and Automation Solution Boosted a Higher Education Security Team’s Effectiveness
We recently had the opportunity to sit down with Adam Elliott to discuss why his team chose Rapid7 and how our solution has increased the overall effectiveness of his security team.
4 min
AWS
Securing Buckets with Amazon S3 Block Public Access
Amazon Web Services recently introduced a new security enhancement to its cloud storage service: Amazon S3 Block Public Access.
3 min
Incident Detection
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your network traffic analysis (NTA) tool.
4 min
Application Security
How to Defend Against Magecart Using CSP
In this blog, we explain how you can defend against Magecart credit card skimming attacks by using HTTP's Content Security Policy.
1 min
Metasploit
Introducing Metasploit’s First Evasion Modules
Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.
2 min
Application Security
The Newegg Breach: PCI Means Nothing to Magecart
Both the British Airways and Newegg breaches occurred at sites that followed data security rules but were not protected against attacks like Magecart.
2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.
3 min
InsightIDR
Detecting Inbound RDP Activity From External Clients
Today, we discuss how to detect inbound RDP activity from external clients.
4 min
Threat Intel
Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
The final section of Kim Zetter's “Countdown to Zero Day” pulls together the many factors that are present in attacks such as Stuxnet.