All Posts

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 4/12/19

WordPress RCE tiyeuse submitted a Metasploit module for an authenticated remote code execution vulnerability in WordPress, which was described in a blog post by RIPS Technology . After authenticating as a user with at least author privileges, the module starts by uploading an image file with PHP code that will be used later. Then the image metadata that references the file

3 min Rapid7 Perspective

How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training

My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.

2 min Metasploit

Metasploit Wrap-Up 4/5/19

Your workflow just got easier Are you tired of copy/pasting module names from the search results before you can use them? Thanks to this enhancement (PR #11652) by Brent Cook , you can now run search with the -u flag to automatically use a module if there is only one result. Now you're one step closer to popping a shell! A pair of new JSO modules Metasploit published research a few weeks ago on Java Serializ

5 min Application Security

5 Considerations When Creating an Application Security Program

In this blog, we explain how to address application security within your organization and how this translates into building better code.

2 min Research

Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know

The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up 3/29/19

Introducing Metasploit Development Diaries We are happy to introduce a new quarterly series, the Metasploit Development Diaries. The dev diaries walk users and developers through some example exploits and give detailed analysis of how the exploits operate and how Metasploit evaluates vulnerabilities for inclusion in Framework. The first in the dev diaries series features technical analysis by sinn3r and includes modules from community members and fellow rese

3 min Threat Intel

Why and Where Cybercriminals Attack the Hospitality Industry

The gaming, leisure, and hospitality industry has been increasingly targeted by cybercrime and faces a unique set of security challenges.

3 min Vulnerability Disclosure

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.

3 min Whiteboard Wednesday

How to Gain Security Visibility into a Modern Environment

In our latest installment of Whiteboard Wednesday, we break down the step-by-step approach you can take to gain visibility across a modern environment and the main areas you should focus on.

8 min Public Policy

The IoT Cybersecurity Improvement Act of 2019

In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.

2 min Events

Rapid7’s Partner Summit 2019: Thank You to Our Partners in EMEA!

We recently hosted our hugely successful EMEA Partner Summit 2019 in Portugal, meeting with over 85 partners from over 27 countries all around Europe, the Middle East, and Africa.

2 min Metasploit

Introducing the Metasploit Development Diaries

In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.

4 min Phishing

Tips for a Successful Phishing Engagement

Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.