3 min
Emergent Threat Response
High-Risk Vulnerabilities in Common Enterprise Technologies
Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.
2 min
Emergent Threat Response
CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices
CVE-2024-40766 is a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. As of September 9, 2024, Rapid7 is aware of several recent incidents in which SonicWall SSLVPN accounts were targeted or compromised.
3 min
Emergent Threat Response
Multiple Vulnerabilities in Veeam Backup & Replication
On September 4, 2024, Veeam released their September security bulletin disclosing various vulnerabilities, including CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution.
3 min
Gartner
Our 4 Essential Strategy Takeaways from the Gartner® 2024 Report – How to Prepare for Ransomware Attacks
The 2024 Gartner report, “How to Prepare for Ransomware Attacks”, provides critical insights into the latest tactics used by bad actors and offers practical solutions on how to fortify defenses.
3 min
Gartner
5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
The 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) provides invaluable insights into the latest trends and technologies that are reshaping how companies protect their digital assets.
4 min
Career Development
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security.
5 min
Exposure Command
Rapid7 Introduces Exposure Command to Eliminate the Security Visibility Gap
Exposure Command provides 360-degree visibility and enables security teams to pinpoint and extinguish your most critical risks.
2 min
Career Development
Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024
In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.
2 min
Reports
New Research: The Proliferation of Cellular in IoT
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.
4 min
Emergent Threat Response
VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.
4 min
From Top Dogs to Unified Pack
Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.
1 min
Rapid7 Culture
Boston Business Journal Names Rapid7 as a Best Place to Work in Boston
On June 13th, 2024, Rapid7 was recognized by The Boston Business Journal as a Best Place to Work in Boston. This marks the 13th consecutive year Rapid7 has made the list, this time coming in at #8 in the extra large company category.
2 min
Government
Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions
Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED Level for several of our Insight Platform solutions.
10 min
Managed Detection and Response (MDR)
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler
McGraw, Sarah Lee, and Thomas Elkins.
Executive Summary
On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious
activity in a customer environment. Our investigation identified that the
suspicious behavior was emanating from the installation of Notezilla, a program
that allows for the creation of sticky notes on a Windows desktop. Installers
for Notezilla, along with tools called RecentX and
4 min
Managed Threat Complete
From Top Dogs to Unified Pack
Cybersecurity is as unpredictable as it is rewarding. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.