10 min
Patch Tuesday
Patch Tuesday - January 2022
The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120
CVEs across the bulk of their product line, including 29 previously patched CVEs
affecting their Edge browser via Chromium. None of these have yet been seen
exploited in the wild, though six were publicly disclosed prior to today. This
includes two Remote Code Execution (RCE) vulnerabilities in open source
libraries that are bundled with more recent versions of Windows: CVE-2021-22947
10 min
Vulnerability Disclosure
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.
4 min
Hacky Holidays 2021
The 2021 Naughty and Nice Lists: Cybersecurity Edition
We asked some of our trusty cybersecurity go-to's who and what they'd place on their industry-specific naughty and nice lists, respectively, for 2021.
6 min
Log4Shell
Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale
Where do you begin to respond to a critical vulnerability like the one in Apache’s Log4j Java library (a.k.a. Log4Shell)? Start with these 5 concepts.
3 min
Metasploit
Metasploit Wrap-Up: Jan. 7, 2022
Dump Windows secrets from Active Directory
This week, our very own Christophe De La Fuente added an important update to the
existing Windows Secret Dump module. It is now able to dump secrets from Active
Directory, which will be very useful for Metasploit users. This new feature uses
the Directory Replication Service through RPC to retrieve data such as SIDs,
password history, Domain user NTLM hashes
7 min
Threat Intel
What's New in Threat Intelligence: 2021 Year in Review
Last year marked a huge milestone with the acquisition of IntSights by Rapid7, and over the course of 2021, we continued to add value to our products.
6 min
InsightIDR
What's New in InsightIDR: Q4 2021 in Review
This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response (XDR) solution, from Q4 2021.
4 min
Hacky Holidays 2021
2022 Cybersecurity Predictions: The Experts Clear Off the Crystal Ball
In keeping with our yearly tradition, we sat down with some experts at Rapid7 and across the industry to get their 2022 cybersecurity predictions.
2 min
Hacky Holidays 2021
Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors
We worked harder than ever in 2021 to help protectors keep their organization's infrastructure secure. Here's a rundown of some of the biggest moments.
6 min
Hacky Holidays 2021
Metasploit 2021 Annual Wrap-Up
Like years past, 2021 brought some surprises and had its share of celebrity vulnerabilities. Here are the Metasploit highlights from last year.
6 min
Hacky Holidays 2021
5 Security Projects That Are Giving Back
From white-hat hackers to those volunteering their time to make the internet a safer, more inclusive space, we've highlighted a few security-related projects that exemplify the spirit of giving back.
4 min
MITRE ATT&CK
Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa
You know who some of the best Santas on Earth are? The cybersecurity community.
3 min
Application Security
Test for Log4Shell With InsightAppSec Using New Functionality
In this blog, we share how Rapid7 customers can test for Log4Shell with InsightAppSec.
3 min
Metasploit
Metasploit Wrap-Up: Dec. 17, 2021
A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes
14 min
Log4Shell
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
This blog is for everyone who wants to understand what’s going on with the Log4Shell vulnerability in Log4j and why the internet seems to be on fire again.