3 min Cloud Security

Update for CIS Google Cloud Platform Foundation Benchmarks - Version 1.3.0

The Center for Internet Security (CIS) recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0.

5 min Vulnerability Disclosure

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.

7 min Vulnerability Management

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem.

3 min Cybersecurity

What's Changed for Cybersecurity in Banking and Finance: New Study

The results of a new VMware study show a changing landscape for cybersecurity in banking and finance.

2 min Emergent Threat Response

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.

1 min Cloud Security

[Infographic] Cloud Misconfigurations: Don't Become a Breach Statistic

Our latest infographic highlights some key commonalities uncovered in our 2022 Cloud Misconfigurations Report.

3 min Metasploit

Metasploit Wrap-Up: May 6, 2022

Three new exploit modules, and an update for Windows 11 support

1 min XDR

Rapid7’s first comic: XDR vs. Exploito

Learn about the adventures of our CISO hero Adira Adama in Rapid7's first comic, XDR vs. Exploito.

11 min Application Security

XSS in JSON: Old-School Attacks for Modern Applications

This post highlights how cross-site scripting has adapted to today’s modern web applications, specifically the API and JavaScript Object Notation (JSON).

3 min Cloud Security

Is Your Kubernetes Cluster Ready for Version 1.24?

Kubernetes rolled out Version 1.24 on May 3, 2022. This version is packed with notable improvements, so we're covering some of the significant items.

8 min Managed Detection and Response (MDR)

MDR, MEDR, SOCaaS: Which Is Right for You?

Let’s take a closer look at these three types of detection and response managed services to help you decide the best fit for your organization.

4 min Cloud Security

Cloud-Native Application Protection (CNAPP): What's Behind the Hype?

Is CNAPP a one-in-all answer to building secure apps in a cloud-first ecosystem, or is it part of a larger story? This post takes a closer look.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 4/29/22

Module additions this week to enumerate all installed AV products on Windows and escape sandboxes on certain Debian-specific Redis versions. Plus, a new place for Metasploit docs focused on pen testing workflows.

3 min Emergent Threat Response

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.

5 min Vulnerability Management

How to Strategically Scale Vendor Management and Supply Chain Security

Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.