4 min
Cloud Security
Why Security in Kubernetes Isn't the Same as in Linux: Part 1
Deploying your product on a Kubernetes cluster has a different security cost than on a traditional Linux server.
6 min
Ransomware
How Ransomware Is Changing US Federal Policy
The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective.
3 min
InsightIDR
The Great Resignation: 4 Ways Cybersecurity Can Win
Cybersecurity has had a talent shortage for years. Here are four ideas about how to prepare for it and win.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/21/22
while (j==shell); Log4j;
The Log4j loop continues as we release a module targeting vulnerable vCenter
releases. This is a good time to suggest that you check your vCenter releases
and maybe even increase the protection surrounding them, as it’s been a rough
year-plus for vCenter
.
Let your shell do the walking
bcoles sent us a module that targets Grandstream
GXV3175IP phones that allows remote code exec
3 min
Ransomware
Is the Internet of Things the Next Ransomware Target?
What would it take for IoT to be the target of ransomware? This post takes a closer look.
3 min
Research
Open-Source Security: Getting to the Root of the Problem
The past few weeks have shown us the importance and wide reach of open-source security.
4 min
Emergent Threat Response
Active Exploitation of VMware Horizon Servers
Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.
5 min
Security Operations
Metrics That Matter and Curtailing the Cobra Effect
Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: 1/14/22
Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.
2 min
Career Development
7 Rapid Questions: Stephen Donnelly
For this installment of 7 Rapid Questions, we spoke with Stephen Donnelly, Rapid7's Senior Engineering Manager for SOAR in our Belfast office.
5 min
Hacky Holidays 2021
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.
4 min
Managed Detection and Response (MDR)
Evaluating MDR Vendors: A Pocket Buyer's Guide
Here are 4 big-picture questions to use as a quick-reference guide in the early stages of your MDR vendor selection journey.
6 min
IoT
A Quick Look at CES 2022
The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.
3 min
Application Security
A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell
We wanted to take a moment to recap some of InsightAppSec and tCell's Q4 highlights and give us all a little much-deserved break from the madness.
3 min
Detection and Response
Demystifying XDR: How Humans and Machines Join Forces in Threat Response
Finding the right balance between machine learning and human know-how is an essential part of a successful XDR implementation.