3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Jan. 1, 2023
Back from a quiet holiday season
Thankfully, it was a relatively quiet holiday break for security this year, so we hope everyone had a relaxing time while they could. This wrapup covers the last three Metasploit releases, and contains three new modules, two updates, and five bug fixes.
Make sure that your OpenTSDB isn’t too open
Of particular note in this release is a new module from community contributors Erik Wynter and Shai rod
4 min
Research
Year in Review: Rapid7 Cybersecurity Research
Rapid7 is dedicated to conducting research that benefits the entire cybersecurity community. Here is a sampling of our efforts in 2022.
1 min
Rapid7 Culture
Rapid7 Announces Global Days Off to Support Employees in 2023
On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023.
5 min
Haxmas
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we also want to express our gratitude and appreciation for our stellar community of contributors, maintainers, and users. The Metasploit team merged 824 pull requests across Metasploit-related projects in 20
2 min
IoT
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.
5 min
Vulnerability Disclosure
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.
4 min
Cybersecurity
The 2022 Naughty and Nice List
We asked a few of our experts to share what they think deserves to be on the cybersecurity naughty list and what needs to be on the nice list for 2022.
3 min
Cloud Security
Hallmark Channel: Securing the Season
In 2021, Hallmark Channel finished as the number one network among “women 18 and above”, which led to $147.8 million in revenue generated from holiday programming alone. It’s safe to assume the company doesn’t want intellectual property (IP) theft cutting into those kinds of returns.
4 min
Cloud Security
Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix
In this blog post, we’ll dive into one of the most commonly-used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).
2 min
Emergent Threat Response
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
4 min
Vulnerability Disclosure
Cengage LTI Session Management Leakage
Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline.
3 min
Cybersecurity
ICYMI: 10 Cybersecurity Acronyms You Should Know in 2023
Cybersecurity is acronym-heavy to say the least. If you’re reading this, you already know. However, even the nerdiest among us miss a few. So, here are 10 cybersecurity acronyms you should know in 2023.
1 min
Lost Bots
[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us
As the year winds down, we collected predictions that were made for 2022, and new ones for 2023. Then, we asked our Rapid7 colleagues to decide if the prediction was made by a cybersecurity expert—or if it was scuttlebutt.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 12/16/22
A sack full of cheer from the Hacking Elves of Metasploit
It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! (Partridge nor pear tree included.) In this sack of goodies, we have a gift that keeps on giving: Shelby’s Acronis TrueImage Privilege Escalation works wonderfully, even
4 min
Cloud Security
Spoiler Alert: Your Favorite Content Might Not Be Secure
In this blog, we look at the macro issue of the entertainment business shifting to a streaming-first focus and the increased need for content and IP security.