1 min
Rapid7 Culture
Rapid7 Announces Global Days Off to Support Employees in 2023
On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023.
5 min
Haxmas
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time
to give thanks to all the people that help make our load a little bit lighter.
So, while this end-of-year wrap-up is a highlight reel of the headline features
and extensions that landed in Metasploit-land in 2022, we also want to express
our gratitude and appreciation for our stellar community of contributors,
maintainers, and users. The Metasploit team merged 824 pull requests across
Metasploit-related projects in 20
2 min
IoT
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.
5 min
Vulnerability Disclosure
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.
4 min
Cybersecurity
The 2022 Naughty and Nice List
We asked a few of our experts to share what they think deserves to be on the cybersecurity naughty list and what needs to be on the nice list for 2022.
3 min
Cloud Security
Hallmark Channel: Securing the Season
In 2021, Hallmark Channel finished as the number one network among “women 18 and above”, which led to $147.8 million in revenue generated from holiday programming alone. It’s safe to assume the company doesn’t want intellectual property (IP) theft cutting into those kinds of returns.
4 min
Cloud Security
Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix
In this blog post, we’ll dive into one of the most commonly-used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).
2 min
Emergent Threat Response
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
4 min
Vulnerability Disclosure
Cengage LTI Session Management Leakage
Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline.
3 min
Cybersecurity
ICYMI: 10 Cybersecurity Acronyms You Should Know in 2023
Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. However, even the nerdiest among us miss a few. So, here are 10 cybersecurity acronyms you should know in 2023.
1 min
Lost Bots
[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us
As the year winds down, we collected predictions that were made for 2022, and new ones for 2023. Then, we asked our Rapid7 colleagues to decide if the prediction was made by a cybersecurity expert—or if it was scuttlebutt.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 12/16/22
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: Five new
modules, six new enhancements, nine new bug fixes, and a partridge in a pear
tree are headed out this week! (Partridge nor pear tree included.) In this sack
of goodies, we have a gift that keeps on giving: Shelby’s
Acronis TrueImage Privilege Escalation
works wonderfully,
even
4 min
Cloud Security
Spoiler Alert: Your Favorite Content Might Not Be Secure
In this blog, we look at the macro issue of the entertainment business shifting to a streaming-first focus and the increased need for content and IP security.
3 min
Compliance
Cloud Audit: Compliance + Automation
Today’s regulatory environment is incredibly fractured and extensive. However, deploying a cloud security posture management (CSPM) can ease the administrative burden associated with staying in compliance.
1 min
Emergent Threat Response
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.