All Posts

Metasploit Wrap-Up: 5/22/20

Bad WebLogic Our own Shelby Pace authored an exploit taking advantage of a Java object deserialization vulnerability in multiple different versions of WebLogic. The new module has been tested with versions v12.1.3.0.0, v12.2.1.3.0, and v12.2.1.4.0 of WebLogic and allows remote code execution through the of sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers. Cram it in your Pi-Hole As the incredibly origina

6 min Managed Detection and Response (MDR)

Managing Cybersecurity in the Real Estate Industry

We sat down with Tony Hamil, the senior cybersecurity engineer for a real estate development company, to hear how he and his team are managing security.

6 min InsightVM

Q&A from April 2020 Customer Webcast on InsightVM Dashboards & Executive Summary Report

In this blog post, we wanted to address a number of commonly asked questions regarding InsightVM Dashboards.

6 min Verizon DBIR

Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)

In this blog, the Rapid7 Labs team has you covered with our annual Reader’s Guide for the 2020 Verizon Data Breach Investigations Report.

3 min Remote Working

Integrity Is Indispensable: Assessing Partnerships and Performance Metrics in a Crisis Response

On our third installment of Rapid7’s Remote Work Readiness Series, join us as we reflect on how to leverage partnerships to build trust and mitigate risk.

2 min InsightVM

Rapid7’s InsightVM Receives Five Stars from SC Magazine

We’re proud to announce that Rapid7’s InsightVM solution was recently reviewed by SC Magazine and received a five-star report.

2 min Metasploit

Metasploit Wrap-Up: 5/15/20

Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.

9 min Security Operations (SOC)

Moving Toward a Better Signature Metric in SOCs: Detection Efficacy

In this blog, we break-down the "Detection Efficacy" metric within the Security Operation Center (SOC).

2 min InsightConnect

How to Simplify InsightConnect Workflows Using Join Step

In this blog, we discuss how to simplify your InsightConnect workflows by using the Join Paths Step.

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

4 min Vulnerability Management

Three Switching Costs to Consider When Evaluating a New Vulnerability Management Solution

If you’re looking to switch vulnerability management solutions, read on as we discuss three areas to consider and how to communicate them to leadership.

2 min Cloud Security

DivvyCloud by Rapid7 Announces New Infrastructure as Code Security Capability

DivvyCloud by Rapid7, the leading cloud security platform, today released a new core capability, Infrastructure as Code (IaC) Security. This capability integrates cloud security into the DevOps process, improving developer productivity and preventing cloud security issues during the build process.

5 min

Preparing for the Cybersecurity Maturity Model Certification (CMMC), Part 2: The Larger Picture

In part two of our "Preparing for the Cybersecurity Maturity Model Certification" series, we take a deeper dive to understand how the framework is designed.

3 min COVID-19

Optimizing Security in the Work-From-Home Era

In this blog, we discuss how to optimize security during the work-from-home era.