4 min
Exposure Command
Introducing the Rapid7 Command Platform
The introduction of the Rapid7 Command Platform - our unified threat exposure and detection and response platform.
5 min
Exposure Command
Rapid7 Introduces Exposure Command to Eliminate the Security Visibility Gap
Exposure Command provides 360-degree visibility and enables security teams to pinpoint and extinguish your most critical risks.
2 min
Metasploit
Metasploit Weekly Wrap-Up 08/02/2024
Metasploit goes to Hacker Summer Camp
Next week, Metasploit will have demos at both Black Hat
and DEF CON where
the latest functionality from this year will be presented. The Black Hat demo
will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on
Saturday the 10th from 12:00 to 13:45.
The highlights will include demonst
2 min
InsightCloudSec
New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation
Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.
2 min
Career Development
Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024
In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.
2 min
Reports
New Research: The Proliferation of Cellular in IoT
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.
4 min
Emergent Threat Response
VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.
1 min
Artificial Intelligence
Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI
"Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304
contributed by heyder
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
Description: This adds an auxiliary module for an XXE which results in an
arbitrary file in Magento which is
1 min
Events
Key Takeaways From The Take Command Summit: Command Your Cloud
The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change.
6 min
Vulnerability Disclosure
CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).
4 min
From Top Dogs to Unified Pack
Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.
4 min
Penetration Testing
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.
9 min
Malware
Malware Campaign Lures Users With Fake W2 Form
Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.
2 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.