1 min
Detection and Response
InsightIDR’s NTA Capabilities Expanded to AWS
We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments.
9 min
Vulnerability Management
Patch Tuesday - March 2021
Another Patch Tuesday (2021-Mar) is upon us and
with this month comes a whopping 122 CVEs. As usual, Windows tops the list of
the most patched product. However, this month it’s browser vulnerabilities
taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the
Exchange Server vulnerabilities this month are not to be ignored as more than
half of them have been seen exploited in the wild.
Vulnerability Breakdown by S
3 min
Cloud Security
How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments
The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and everything you’re working with.
3 min
Metasploit
Metasploit Wrap-Up: 3/5/21
A new exploit for FortiOS and some module target updates.
4 min
Emergent Threat Response
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.
5 min
News
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the
exploitation of Microsoft Exchange through existing detections in InsightIDR’s
Attacker Behavior Analytics (ABA). The Managed Detection and Response (MDR) identified multiple, related
compromises in the past 72 hours. In most cases, the attacker is uploading an
“eval” webshell, commonly referred to as a “chopper” or “China chopper”. With
this foothold, the attacker would then
3 min
Cloud Security
How to Achieve and Maintain Continuous Cloud Compliance
Complicated cloud compliance is weighing on many organizations as off-premises security quickly becomes more of the norm.
4 min
Metasploit
Metasploit Wrap-Up: 2/26/21
Flink targeting, process herpaderping, and more in this week's Metasploit wrap-up!
7 min
Rapid7 Culture
Celebrating Black History Today and Every Day
In honor of Black History Month, we would like to recognize some of our amazing team members who have made an impact on our company culture, embody our core values, and exude excellence.
4 min
Vulnerability Management
Building a Holistic VRM Strategy That Includes the Web Application Layer
Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post.
3 min
News
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.
2 min
News
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.
3 min
Career Development
Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7
Read on to learn more about our North America VRM Software Engineering team, why they chose to bring their talents to Rapid7, and why you should, too!
2 min
InsightIDR
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.
4 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 2/19/21
GSoC Rocks!
In a rare double whammy, one of our 2020 Google Summer of Code (GSoC)
participants has authored a PR containing both enhancements & a new module!
Improvements to our
SQL injection library now allow PostgreSQL injection, and this new functionality
has been verified with both a test module AND a fully functioning module
exploiting CVE-2019-13375, a
(Postgr