3 min
Cloud Security
3 Ways to Improve Data Protection in the Cloud
Here are three cloud data protection best practices highlighted in a recent joint white paper from Rapid7, Mimecast, and Netskope.
3 min
Career Development
5 Things Rapid7 Looks for in a BDR, and How We Spot Them
Our Talent Acquisition Partner, Lauren Coloumbe, shares five things we look for in BDRs and how we spot them in the interview process.
6 min
Vulnerability Management
5 Steps for Dealing With Unknown Environments in InsightVM
In InsightVM, we can use a little bit of SQL, an overarching site with a ping sweep, and a nifty little tag to help get a handle on unknown environments.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 9/2/22
ICPR Certificate Management
This week Metasploit has a new ICPR Certificate Management module from Oliver
Lyak and our very own Spencer McIntyre
, which can be utilized for issuing certificates
via Active Directory Certificate Services. It has the capability to issue
certificates which is useful in a few contexts including persistence, ESC1
and as a
primitive necessary for exp
6 min
Ransomware
Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense
Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.
2 min
Research
25 Years of Nmap: Happy Scan-iversary!
On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.
4 min
Compliance
Rapid7 Makes Security Compliance Complexity a Thing of the Past With InsightIDR
Here are three ways InsightIDR has been built to elevate and simplify your compliance processes.
3 min
Metasploit
Metasploit Wrap-Up: Aug. 26, 2022
Zimbra Auth Bypass to Shell
Ron Bowes added an exploit module
that targets
multiple versions of Zimbra Collaboration Suite. The module leverages an
authentication bypass (CVE-2022-37042) and a directory traversal vulnerability
(CVE-2022-27925) to gain code execution as the zimbra user. The auth bypass
functionality correctly checks for a valid session; however, the function that
performs the check does not
1 min
Public Policy
Incident Reporting Regulations Summary and Chart
A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.
1 min
Lost Bots
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
In this Lost Bots episode, our hosts talk phishing — not the everyday kind, but a new technique known as browser-in-browser attacks.
2 min
Security Operations (SOC)
Cybersecurity Analysts: Job Stress Is Bad, but Boredom Is Kryptonite
Repetitive tasks are a big part of a cybersecurity analyst’s day. But combining monotony with the need for attentiveness can be kryptonite.
9 min
Public Policy
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.
3 min
Threat Intel
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors. We look at the techniques they use and best practices for prevention.
3 min
Metasploit
Metasploit Wrap-Up: 8/19/22
Advantech iView NetworkServlet Command Injection
This week Shelby Pace has developed a new exploit
module for CVE-2022-2143
. This
module uses an unauthenticated command injection vulnerability to gain remote
code execution against vulnerable versions of Advantech iView software below
5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user
unauthenticated privileged access
4 min
Research
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Here's a look at two Rapid7 researchers' presentations from Black Hat 2022, and how their efforts are helping push open-source security forward.