1 min
Rapid7 Culture
Rapid7 Recognized as a Top Place to Work for 11th Consecutive Year
On November 30th, 2022, Rapid7 was again recognized by The Boston Globe as a Top Place to Work in Massachusetts. This marks the 11th consecutive year Rapid7 has made the list, this time coming in at #3 in the large company category.
3 min
InsightIDR
Search Made Easy: InsightIDR’s Secret Weapon for Efficiency and Efficacy
InsightIDR has lots of features that have enabled my organization to identify and respond more easily to threats. In this blog post, I’m going to share some insight into my favorite – InsightIDR’s Log Search function.
3 min
Application Security
Rapid7 Takes Home 2 Awards and a Highly Commended Recognition at the 2022 Belfast Telegraph IT Awards
Rapid7 was honored at the Belfast Telegraph's annual IT Awards, Friday, taking home a pair of awards including the coveted “Best Place to Work in IT” in the large company category award, and the “Cyber Security Project of the Year” award.
2 min
Emergent Threat Response
CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities
On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security
Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
[https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516]
announcing fixes for three vulnerabilities:
* CVE-2022-27510 [https://nvd.nist.gov/vuln/detail/CVE-2022-27510]
“Unauthorized access to Gateway user capabilities”
* CVE-2022-27513 [https://nvd.nist.gov/vuln/detai
1 min
Emergent Threat Response
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate.
1 min
Emergent Threat Response
Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)
CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.
3 min
Vulnerability Management
Common questions when evolving your VM program
A recent webinar led by two of Rapid7’s leaders, Peter Scott and Cindy Stanton explored the specific challenges of managing the evolution of risk across traditional and cloud environments.
3 min
Emergent Threat Response
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
The Rapid7 research team will update this blog post as we learn more details
about this vulnerability and its attack surface area.
The OpenSSL [https://www.openssl.org/] project released
[https://www.openssl.org/news/cl30.txt] version 3.0.7 on November 1, 2022, to
address CVE-2022-3786 and CVE-2022-3602
[https://www.openssl.org/news/secadv/20221101.txt], two high-severity
vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported
by Polar Bear and Viktor Dukhovni. OpenSSL
3 min
7 Rapid Questions
7 Rapid Questions with Toshio Honda, Sr. Security Solutions Engineer
Rapid7 sat down with Senior Security Solutions Engineer, Toshio Honda, to discuss their career and time at Rapid7.
2 min
Cloud Security
Emerging best practices for securing cloud-native environments
As technology evolves and threats change rapidly, organizations that stay abreast of the latest developments, trends, and industry standards tend to have fewer security risks than those that don't.
3 min
InsightIDR
A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR
At Rapid7, our laser-focus has always been trained on one thing: helping digital defenders spot and stop bad actors. From the start of our story, penetration testing — or pen testing, for short — has been one of the cornerstones of that obsession.
1 min
Lost Bots
[The Lost Bots] S02E04: Cyber's Most Dangerous Game — Threat Hunting
In this episode of The Lost Bots, our hosts dive into the practical side of getting your threat hunting efforts up and running.
3 min
Career Development
5 Things Rapid7 Looks for in a BDR, and How We Spot Them
Our Talent Acquisition Partner, Lauren Coloumbe, shares five things we look for in BDRs and how we spot them in the interview process.
1 min
Lost Bots
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.
2 min
Detection and Response
OCSF: Working Together to Standardize Data
Rapid7 and other security vendors are collaborating on an Open Cybersecurity Schema Framework (OCSF), an open standard for both data producers and users.