6 min
Research
For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy
When it comes to the state of patching for recent Exchange Server vulnerabilities, the picture is more incomplete than you'd think.
4 min
Detection and Response
What's New in InsightIDR: Q3 2021 in Review
This post offers a closer look at some of the recent updates and releases in InsightIDR, our extended detection and response solution, from Q3 2021.
1 min
Lost Bots
[The Lost Bots] Episode 6: D&R + VM = WINNING!
In this episode, Practice Advisor Devin Krugly joins to discuss how Detection and Response + Vulnerability Management = a winning combination.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 10/1/21
More post modules than we've ever put out in a single release before, courtesy of a university project to add credential gathering capabilities based on the PackRat toolset.
3 min
Cybersecurity
National Cybersecurity Awareness Month: How Security Pros Can Get Involved
To kick off National Cybersecurity Awareness Month 2021, we're providing some ideas for how security pros can spread knowledge around this year's themes.
3 min
Application Security
The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know
In this post, we discuss the 2021 OWASP Top 10 and how the list is evolving alongside web application security.
3 min
Cloud Security
To the Left: Your Guide to Infrastructure as Code for Shifting Left
Shifting cloud security left helps teams catch misconfigurations, avoid security bottlenecks, and keep both DevOps and SecOps happy.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/24/21
A new evasion module, an exploit for ManageEngine OpManager, fully functional shells over WinRM, and major RDP library improvements.
10 min
Ransomware
Ransomware: Is Critical Infrastructure in the Clear?
Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?
3 min
Metasploit
Easier URI Targeting With Metasploit Framework
Streamline your Metasploit with Metasploit 6.1.4's new support for RHOST URI values.
5 min
Career Development
Rapid7 Technical Support: Building a Career Path With Endless Possibilities
We talked with a few of our Technical Support Engineers to hear about why they chose to join Rapid7 and their career growth so far.
2 min
Emergent Threat Response
Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)
On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.
2 min
Cybersecurity
Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data
Rapid7 is committed to upholding high standards of privacy and security for our customers, and we are pleased to be able to offer the New SCCs.
3 min
InsightAppSec
Login Authentication Goes Automated With New InsightAppSec Improvements
With our new automated login for InsightAppSec, even the most complex, modern applications can be accessed and scanned quickly and easily. Learn more.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/17/21
New modules for Jira user enumeration, Git remote code execution via git-lfs, a Geutebruck camera post-exploitation module, and unauthenticated RCE in the elFinder PHP application.