2 min
Events
Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
2 min
Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization
Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security solutions.
4 min
Career Development
Challenges Drive Career Growth: Meet Rudina Tafhasaj
Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards.
3 min
Emergent Threat Response
Backdoored XZ Utils (CVE-2024-3094)
On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma).
2 min
Research
Why The External Attack Surface Matters: An analysis into APAC related threat activities
Considerable focus within the cybersecurity industry has been placed on the attack surface of organizations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface.
9 min
Research
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
2 min
Career Development
Rapid7’s Ciara Cullinan Recognized as Community Trailblazer in Belfast Awards Program
At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award.
6 min
7 Rapid Questions
7 Rapid Questions with #77 Ray Bourque
We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship.
19 min
Emergent Threat Response
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.
3 min
Vulnerability Management
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
3 min
InsightVM
Explanation of New Authenticated Scanning PCI DSS Requirement 11.3.1.2 in PCI DSS V4.0 and how InsightVM can help meet the Requirement
As a Certified Qualified Security Assessor (QSA) company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards.
7 min
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
3 min
Career Development
Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7
Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack. Diversity program. Hack.
2 min
Emergent Threat Response
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
3 min
Gartner
5 Insights from the Latest Cybersecurity Trends Research
we’ve singled out five quick insights security professionals and stakeholders should consider when looking ahead. These findings are based on Top Trends in Cybersecurity for 2024, a new research report from Gartner®.