All Posts

5 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: May 8, 2020

Nine new modules, including three IBM Data Risk Manager exploits, a couple of Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.

3 min Application Security

Best Practices for Securing e-Commerce Applications

Learn why e-commerce security is becoming more necessary than ever before, and steps to take to ensure applications are safe from a vulnerability or data breach.

4 min Vulnerability Management

How to Increase Your Security Team's Visibility Within Your Organization—And What Happens When You Do

In this post, we’ll discuss how you can increase visibility and communication across the organization to improve your team’s reputation and resources.

3 min SOAR

Why SOAR Is an Essential Cybersecurity Tool for Financial Services Companies

With an efficient and productive cybersecurity process in mind, let’s take a look at how SOAR helped a financial organization protect its customers.

3 min Detection and Response

5 Challenges Outsourced Detection and Response Operations Can Help Solve

In this blog, we discuss five challenges that managed detection and response (MDR) operations can help solve.

3 min Metasploit

Metasploit Wrap-Up 5/1/20

Windows Meterpreter payload improvements: Community contributor OJ has made improvements to Windows Meterpreter payloads, specifically reducing complexity around extension building and loading. This change comes with the benefit of removing some fingerprint artifacts, as well as reducing the payload size as a side effect. Note that Windows Meterpreter sessions that are open prior to this bump will not be able to load new extensions after the bump if they connect with a new in

2 min Application Security

Gartner® Recognizes Rapid7 Vulnerability Management for Application Security Capabilities

Recently, Rapid7 was the only full stack vulnerability risk management vendor to be recognized for Application Security Testing by an industry-leading third-party research firm.

1 min Cloud Security

Rapid7 Announces Intent to Acquire DivvyCloud

We are thrilled to announce that today we have entered into a definitive agreement to acquire DivvyCloud.

5 min Research

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.

3 min COVID-19

The Healthcare Security Pro's Guide to Ransomware Attacks

In this blog, we discuss the best practices to defend against ransomware attacks in the healthcare industry.

3 min Metasploit

Metasploit Wrap-Up 4/24/20

Security fix for the libnotify plugin (CVE-2020-7350): If you use the libnotify plugin to keep track of when file imports complete, the interaction between it and db_import allows a maliciously crafted XML file to execute arbitrary commands on your system. In proper Metasploit fashion, pastaoficial PR'd a file format exploit to go along with the fix, and our own smcintyre-r7

6 min COVID-19

Stuck Inside? Top Books We Recommend Security Pros Read During Quarantine

Whether you’re looking to brush up on your security skills or curl up with a page-turner, here are our top book picks to quell your quarantine boredom.

3 min InsightIDR

How InsightIDR Is Accelerating Detection and Response in Modern Environments

According to The Total Economic Impact™ Of Rapid7 InsightIDR, customers experience increased visibility, decreased incident response time, and significant cost savings after switching to InsightIDR from their previous SIEM.

5 min

Confessions of a Former CISO: Promoting Individual Contributors into Leadership Roles

We are excited to announce the release of “Confessions of a Former CISO,” a video series that highlights some of the mistakes, challenges, and successes in the InfoSec industry.

2 min COVID-19

Resources on the Main Street Lending Program to Support Small and Mid-Sized Businesses

The recent stimulus legislation - the “CARES Act” - allocated up to $600 billion for a new Main Street Lending Program to provide relief to small and mid-sized businesses impacted by the COVID-19 pandemic. Here are some resources on the program.