1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
5 min
Events
Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022
Here's a closer look at what two Rapid7 presentations from RSAC 2022 had to say about security in a cloud-native world.
4 min
Ransomware
New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers
"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.
3 min
Ransomware
Complimentary Gartner® Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition
The complimentary Gartner® report "How to Respond to the 2022 Cyberthreat Landscape" will help you understand and defend against the ransomware threat.
6 min
Patch Tuesday
Patch Tuesday - June 2022
Patches for Follina, more NFS and LDAP vulnerabilities, and the beginning of the end for IE11.
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.
5 min
Events
Defending Against Tomorrow's Threats: Insights From RSAC 2022
Here's a closer look at what some Rapid7 experts who presented at RSAC 2022 had to say about staying ahead of attackers in the months to come.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/10/22
A Confluence of High-Profile Modules
This release features modules covering the Confluence remote code execution bug CVE-2022-26134 and the hotly-debated CVE-2022-30190, a file format vulnerability in the Windows Operating System accessible through malicious documents. Both have been all over the news, and we’re very happy to bring them to you so that you can verify mitigations and patches in your infrastructure. If you’d like to read more about these vulnerabilities, Rapid7 has AttackerKB analy
2 min
Events
[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team
We asked four Rapid7 team members to tell us a little bit about their RSAC 2022 experience.
9 min
Metasploit
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.
4 min
Cloud Security
Identifying Cloud Waste to Contain Unnecessary Costs
Cloud environments often increase complexity, which can make managing costs in the cloud more difficult.
4 min
Vulnerability Management
The Hidden Harm of Silent Patches
Silent patches limit who understands how to exploit a vulnerability, which sounds like a great plan — but there's a catch.
3 min
Research
Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza
Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 6/3/22
Ask and you may receive
Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS ve
7 min
Cloud Security
Cybersecurity Is More Than a Checklist: Joel Yonts on Tech’s Unfair Disadvantage
We sat down with seasoned security executive Joel Yonts to get his insights on today's best practices in security for tech companies.