4 min
COVID-19
Support FAQs: Managing Your Organization’s Security in Response to COVID-19
To help you and your organization respond to the COVID-19 pandemic, we’ve assembled a list of FAQs to help maintain your existing security measures.
5 min
Vulnerability Management
How Team Collaboration Can Help You Scale Vulnerability Management
In this blog post, we’ll break down how to do this through team collaboration, key processes, and good security design.
3 min
Vulnerability Management
Patch Tuesday - June 2020
June 2020's Microsoft Patch Tuesday
gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses
CVE-2020-9633
-- a high severity remote code execution vulnerability). While the consistently
high volume of vulnerabilities being addressed each month is alarming at times,
there is a sense of peace in the steps Micros
6 min
Managed Detection and Response (MDR)
Maturing Your Security Posture: Around-the-Clock Threat Detection With Managed Detection & Response (MDR) Services
Recently, we sat down with Jeremiah Dewey, Rapid7’s VP of Managed Services, to chat about how MDR services strengthen traditional security products.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 6/5/20
vBulletin, WordPress, and WebLogic exploits, along with some enhancements and fixes.
3 min
Security Operations
Confessions of a Former CISO: Shaming People for Bad Security
In this edition of Confessions of a Former CISO, Scott King shares some hard lessons he's learned about shaming others for their security.
3 min
SOAR
Amplifying Impact to Reduce Friction: A Guide to Security Team Efficiency
In this blog, Rapid7 product leaders offer advice on how to free up security teams to address critical threats and eliminate repetitive tasks.
5 min
InsightVM
Custom Policy Builder Is Now Available in InsightVM
In today’s policy customization post, we focus on Center for Internet Security (CIS) policies.
2 min
Rapid7 Perspective
Standing Together: A Public Statement from Rapid7 CEO Corey Thomas
It has been shocking for many people in the United States and around the world to see the stark racial injustice and inequality that still exists in the US.
2 min
Research
Rapid7 Quarterly Threat Report: 2020 Q1
In this blog, we break down some of the top findings and highlights from the Rapid7 Quarterly Threat Report: 2020 Q1.
2 min
Threat Intel
Leaked YouTube Credentials Growing in Popularity on Dark Web Forums
Rapid7 researchers have observed a new trend in black markets and cybercrime forums: stolen credentials for prominent YouTube accounts.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 5/29/20
Hello, World!
This week’s wrapup features six new modules, including a double-dose of Synology
and everyone’s favorite, Pi-Hole.
Little NAS, featuring RCE
Synology stations are small(ish) NAS devices, but as Steve Kaun, Nigusu
Kassahun, and h00die have shown, they are not invulnerable. In the first module,
a command injection exists in a scanning function that allows for an
authenticated RCE, and in the second, a coding feature leaks whether a user
exists on the system, allowing for brute-forc
3 min
Remote Working
Assessing Our New Security Landscape: Business Continuity Amid Shifting Priorities
In this installment of our Remote Work Readiness Series, Rapid7 taps security leaders on how how to maintain continuity in a changing security landscape.
11 min
Research
The Masked SYNger: Investigating a Traffic Phenomenon
At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.
3 min
InsightVM
Finding Flexibility in Your Vulnerability Management Solution
In this post, we’re sharing the three key areas of flexibility within InsightVM, and how this can benefit your vulnerability management initiatives.