5 min
Managed Detection and Response (MDR)
Rapid7 Recognized as a Strong Performer in The Forrester Wave™ for MDR, Q2 2023
Rapid7 is proud to be recognized amongst the top 13 vendors, as a Strong Performer, in The Forrester WaveTM: Managed Detection and Response, Q2 2023.
2 min
Emergent Threat Response
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software. A patch is available for this vulnerability and should be applied on an emergency basis.
4 min
Metasploit
Metasploit Wrap-Up: May 12, 2023
New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules
1 min
Lost Bots
[The Lost Bots] S03E03. The Rise of The Machines
In this episode of The Lost Bots, Rapid7's Jeffrey Gardner and Stephen Davis discuss the state of AI today and where its going.
9 min
DFIR
The Velociraptor 2023 Annual Community Survey
Rapid7's Velociraptor team distributed our first community survey in early 2023. Here's what we learned!
9 min
Vulnerability Management
Patch Tuesday - May 2023
A relatively light 49 vulnerabilities patched in May 2023, including a new entry method for BlackLotus bootkit malware.
3 min
Metasploit
Metasploit Weekly Wrap-Up: May 5, 2023
Throw another log on the fire
Our own Stephen Fewer authored a module targeting CVE-2023-26360
affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update
15 and earlier. The vulnerability allows multiple paths to code execution, but
our module works by leveraging a request that will result in the server
evaluating the ColdFusion Markup language on an arbitrary file on the remote
system. This all
11 min
Penetration Testing
AppDomain Manager Injection: New Techniques For Red Teams
This article details a variety of ways to perform and utilize AppDomain Manager Injection during red team operations.
6 min
Cloud Security
Cloud Security Strategies for Manufacturing
Most manufacturing organizations struggle with visibility issues in their hybrid cloud environments. This article offers strategies that can help.
4 min
Managed Detection and Response (MDR)
Three Takeaways from the Gartner® Market Guide for Managed Detection and Response Services
We are proud to offer this complimentary Gartner® Market Guide for Managed Detection and Response for businesses of all sizes.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/28/23
Scanner That Pulls Sensitive Information From Joomla Installations
This week's Metasploit release includes a module for CVE-2023-23752 by h00die
. Did you know about the improper API access
vulnerability in Joomla installations, specifically Joomla versions between
4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users
access to web service endpoints which contain sensitive information such as user
and config information. This module can be used to
4 min
Cloud Security
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
In this article, we discuss how the recently released ISO 27001:2022 compliance pack for InsightCloudSec can benefit your organization.
4 min
InsightVM
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Rapid7 Insight Agent and InsightVM Scan Assistant can improve visibility into your environment. This article explores how and when to use each.
4 min
Rapid7 Culture
Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success
Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech.
4 min
Gartner
4 Takeaways from the 2023 Gartner® Market Guide for CNAPP
In an ongoing effort to help security organizations gain greater visibility into risk, we're pleased to offer this complimentary Gartner research, and share our 4 takeaways from the 2023 Gartner® Market Guide for CNAPP.