5 min
Risk Management
2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk
Rapid7 experts spoke with a group of industry panelists about the challenges of supply chain security and how their organizations are tackling them.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/22/21
Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.
4 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1
At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.
4 min
Cloud Security
A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 1
When it comes to securing your cloud assets' activities at runtime, the first step is deciding how.
7 min
Application Security
OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective
Injection claimed the number 3 spot in OWASP's 2021 Top 10 application security risks. We highlight why injection remains such a formidable threat.
6 min
InsightVM
Passwordless Network Scanning: Same Insights, Less Risk
The Scan Assistant is a lightweight service within InsightVM Network Scan Engine that can scan against targets without the need to provide credentials.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 10/15/21
Four new Moodle modules, plus new features to help red teamers keep track of sessions and forwarded connections.
5 min
Threat Intel
4 Simple Steps for an Effective Threat Intelligence Program
By following these simple steps, you can implement an effective threat intelligence program that's built for the modern cybersecurity environment.
5 min
Cloud Security
Turn On, Tune In, Drop the Noise: Achieve Better Cloud Security by Reducing Noise
For security professionals, it's easy to get lost in the noise. And when it comes to cloud security, tuning into the signal is essential.
7 min
Vulnerability Management
Patch Tuesday - October 2021
Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike. One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elev
4 min
Application Security
This Was the Summer of AppSec: All the Improvements We Made in Q3
But before we fall into another season, we wanted to look back on all of the improvements we've made to InsightAppSec and tCell over the last 3 months.
4 min
Kubernetes Security
Have You Checked the New Kubernetes RBAC Swiss Army Knife?
InsightCloudSec’s RBAC tool is an all-in-one open-source tool for analyzing Kubernetes RBAC policies and simplifying Kubernetes RBAC.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/8/21
New modules for vCenter Server and Linux Netfilter, plus fixes and enhancements.
1 min
Detection and Response
Velociraptor to Announce Winners of Its 2021 Contributor Competition
Velociraptor and Rapid7 are excited to announce the winners of our 2021 Velociraptor Contributor Competition on Friday, October 8.
3 min
Emergent Threat Response
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.