6 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Redis
In the latest installment of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Redis.
3 min
Metasploit
Metasploit Wrap-Up 11/27/20
Five new modules, and a reminder for the upcoming CTF
3 min
Vulnerability Disclosure
CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
OpenCRX version 4.30 and version 5.0-20200717 suffer from an unverified password change vulnerability, which is an instance of CWE-620.
3 min
Cloud Security
Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making
Use these insights to help make the right decisions on cloud adoption for your organization.
5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)
In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of the Microsoft SQL Server.
3 min
Metasploit
Metasploit Wrap-Up: 11/20/20
Two new RCE-capable modules and some good fixes and enhancements!
7 min
Metasploit
Announcing the 2020 December Metasploit Community CTF
It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.
2 min
This One Time on a Pen Test
This One Time on a Pen Test: CSRF to Password Reset Phishing
In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.
2 min
Public Policy
Congress unanimously passes federal IoT security law
Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.
1 min
Under the Hoodie
Behind the Scenes: Under the Hoodie 2020 Video Series
In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.
13 min
Research
Don’t Put It on the Internet: Tesla Backup Gateway Edition
In this blog, we address Tesla Backup Gateways and identify key areas where Tesla could improve security and privacy to help customers protect themselves.
3 min
Vulnerability Management
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to we
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 11/13/20
Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.
5 min
NICER Reports
NICER Protocol Deep Dive: Internet Exposure of MySQL
In the latest edition of our "NICER Protocol Deep Dive" blog series, we take a more detailed look at the internet exposure of MySQL.
4 min
Detection and Response
2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM
In this post, we’ll explore how a cloud SIEM, like Rapid7 InsightIDR, may be more relevant and impactful than ever before.