All Posts

Rapid7 Announces Global Days Off to Support Employees in 2023

On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023.

5 min Haxmas

2022 Annual Metasploit Wrap-Up

It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 20

2 min IoT

Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.

5 min Vulnerability Disclosure

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.

4 min Cybersecurity

The 2022 Naughty and Nice List

We asked a few of our experts to share what they think deserves to be on the cybersecurity naughty list and what needs to be on the nice list for 2022.

3 min Cloud Security

Hallmark Channel: Securing the Season

In 2021, Hallmark Channel finished as the number one network among “women 18 and above”, which led to $147.8 million in revenue generated from holiday programming alone. It’s safe to assume the company doesn’t want intellectual property (IP) theft cutting into those kinds of returns.

4 min Cloud Security

Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix

In this blog post, we’ll dive into one of the most commonly-used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).

2 min Emergent Threat Response

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.

4 min Vulnerability Disclosure

Cengage LTI Session Management Leakage

Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline.

3 min Cybersecurity

ICYMI: 10 Cybersecurity Acronyms You Should Know in 2023

Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. However, even the nerdiest among us miss a few. So, here are 10 cybersecurity acronyms you should know in 2023.

1 min Lost Bots

[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us

As the year winds down, we collected predictions that were made for 2022, and new ones for 2023. Then, we asked our Rapid7 colleagues to decide if the prediction was made by a cybersecurity expert—or if it was scuttlebutt.

4 min Metasploit

Metasploit Weekly Wrap-Up: 12/16/22

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! (Partridge nor pear tree included.) In this sack of goodies, we have a gift that keeps on giving: Shelby’s Acronis TrueImage Privilege Escalation works wonderfully, even

4 min Cloud Security

Spoiler Alert: Your Favorite Content Might Not Be Secure

In this blog, we look at the macro issue of the entertainment business shifting to a streaming-first focus and the increased need for content and IP security.

3 min Compliance

Cloud Audit: Compliance + Automation

Today’s regulatory environment is incredibly fractured and extensive. However, deploying a cloud security posture management (CSPM) can ease the administrative burden associated with staying in compliance.

1 min Emergent Threat Response

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.