1 min
InsightVM
Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
5 min
Research
Buy One Device, Get Data Free: Private Information Remains on Donated Tech
When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them?
5 min
Customer Perspective
Customer Perspective: How to Build an Agile Security Program in Rapidly Changing Times
In this post, Chaim Mazal of ActiveCampaign shares his best practices for building a security program amid chaos and rapid change.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/15/19
elFinder remote command injection
elFinder is a client-side open-source
file manager tool written for web applications. In a browser it has the look and
feel of a native file manager application. It ships with a PHP connector
, which integrates the
client side with the back end server. The connector provides the ability for
unauthenticated users to upload an image and resize it. It does so by shelling
2 min
Rapid7 Perspective
Helping Kids Hack the Future: Rapid7 Supports BoSTEM Program in Pi Day Fundraiser
Children are our future. That’s why we’re stepping up to support a matching fundraising effort for BoSTEM.
4 min
Detection and Response
Forrester Tech Tide for Detection and Response: Is 2019 the Year of Convergence?
Rapid7 was recently recognized for capabilities spanning security user behavior analytics, security analytics, deception technology, SOAR, and file integrity monitoring.
3 min
InsightIDR
Utilize File Integrity Monitoring to Address Critical Compliance Needs
To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates
that resolve over 60 different vulnerabilities. As usual, Windows, web browsers,
and SharePoint Server are all affected. Office gets off relatively lightly with
only a single vulnerability fixed (CVE-2019-0748
, a remote code execution (RCE) vulnerability in the Acces
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.
4 min
Research
Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200
Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.
3 min
Metasploit
Metasploit Wrap-Up 3/8/19
The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.
3 min
Customer Perspective
Seasoned Pros Share Career Advice for Cybersecurity Success
In this blog, seasoned pros share what they’ve learned over the course of their careers that would have made a significant impact if they were just setting off at the starting gate.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/1/19
An improvement to HTTP command stagers allows exploits to write on-disk stagers to the location of your choosing.
2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.