4 min
Vulnerability Disclosure
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.
1 min
Lost Bots
[The Lost Bots] Episode 4: Deception Technology
In this episode of The Lost Bots, Jeffrey talks one-on-one with you about one of his favorite subjects: deception technology.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/27/21
LearnPress authenticated SQL injection
Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to inject arbitrary code through an SQL query. This exploit can be used to collect usernames and password hash
3 min
CISOs
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
5 min
Cybersecurity
[R]Evolution of the Cyber Threat Intelligence Practice
Threat intelligence is transitioning from a separate pillar to a central hub that feeds all the functions of the security organization.
1 min
Lost Bots
[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition
In this extra installment of The Lost Bots, Mike Cohen tells Jeffrey about Velociraptor's 2021 Contributor Competition.
3 min
Managed Detection and Response (MDR)
Rapid7 MDR Named a Market Leader, Again!
Rapid7 is thrilled to be recognized as a Leader in the IDC MarketScape for 2021.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
4 min
Career Development
Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
We talked with a few of our North America Account Executives to hear firsthand about why they chose to join Rapid7 (even during a pandemic), how they learned about the company, and why they’d recommend Rapid7 as a great place to work.
4 min
Threat Intel
What It Was Like to Attend Black Hat USA 2021 and DEF CON 29 in Person
I attended Black Hat USA 2021 and DEF CON 29, marking the fifth time that I made this annual pilgrimage to Las Vegas for cybersecurity professionals.
3 min
Awards
Rapid7 Announces Partner of the Year Awards 2021 Winners
It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2021.
5 min
Cybersecurity
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.
1 min
Cybersecurity
[The Lost Bots] Episode 3: Stories From the SOC
In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/13/21
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.