3 min
Detection and Response
Demystifying XDR: The Time for Implementation Is Now
In the last installment of our Demystifying XDR series, Forrester analyst Allie Mellen fills us in on what XDR implementations look like today.
7 min
Research
Cloud Pentesting, Pt. 2: Testing Across Different Deployments
Pentesting in the cloud is just like on-premise, right? It depends on how a customer has set up their cloud deployment.
7 min
Vulnerability Disclosure
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.
4 min
Awards
Rapid7 Announces Partner of the Year Awards 2022 Winners
It’s with immense pleasure that we announce the winners of the Rapid7 Partner of the Year Awards 2022.
4 min
Research
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.
5 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Mar. 25, 2022
Capture Plugin
Capturing credentials is a critical and early phase in the playbook of many
offensive security testers. Metasploit has facilitated this for years with
protocol-specific modules all under the auxiliary/server/capture. Users can
start and configure each of these modules individually, but now the capture
plugin can streamline the process. The capture plugin can easily start 13
different services (17 including SSL enabled versions) on the same listening IP
address including remote int
4 min
Russia-Ukraine Conflict
The Digital Citizen’s Guide to Navigating Cyber Conflict
In this post, we provide advice for non-security-pro digital citizens to protect themselves and, by extension, help protect their organizations.
5 min
Ransomware
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1
In this two-part blog series, we will present four common mistakes SMBs make when thinking about ransomware risk.
8 min
Career Development
Reflecting on Women’s History Month at Rapid7
During Women’s History Month, we invited some of our team members to share their best advice for other women in technology.
3 min
Detection and Response
SIEM and XDR: What’s Converging, What’s Not
XDR aims to solve the challenges of the SIEM tool for effective detection and response to targeted attacks.
2 min
Cloud Security
Rapid7 Recognized as Top Ranked in Forrester Wave™ for Cloud Workload Security
We’re excited to share that Rapid7 has been recognized as a Strong Performer in the Forrester Wave™: Cloud Workload Security, Q1 2022.
5 min
Russia-Ukraine Conflict
8 Tips for Securing Networks When Time Is Scarce
In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.
4 min
Research
Cloud Pentesting, Pt. 1: Breaking Down the Basics
More and more customers are looking to get a pentest done in their cloud deployment. What does that mean?
3 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 18, 2022
CVE-2022-21999 - SpoolFool
Our very own Shelby Pace has added a new module
for the CVE-2022-21999 SpoolFool privilege escalation vulnerability
. This
escalation vulnerability can be leveraged to achieve code execution as SYSTEM.
This new module has successfully been tested on Windows 10 (10.0 Build 19044)
and Windows Server 2019 v1809 (Build 17763.1577).
CVE-2021-4191 - Gitlab GraphQL API User E
2 min
InsightIDR
3 Ways to Leverage the MITRE ATT&CK Framework
The MITRE ATT&CK framework strengthens experiences within InsightIDR by providing context, evidence, and recommendations all in one place.