3 min
Metasploit
Metasploit 6 Now Under Active Development
The Metasploit team announces active development of Metasploit Framework 6. Initial features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine for Windows shellcode.
3 min
InsightIDR
InsightIDR Now Connects to Zoom for Easy Monitoring
Zoom adoption has skyrocketed with spikes in remote working, but web application security needs to be a top priority to avoid disruptions in collaboration.
3 min
Metasploit
Metasploit Wrap-Up - July 31, 2020
SharePoint DataSet/DataTable deserialization
First up we have an exploit from Spencer McIntyre (@zeroSteiner) for
CVE-2020-1147
, a
deserialization vulnerability in SharePoint instances that was patched by
Microsoft on July 14th 2020 and which has been getting quite a bit of attention
in the news lately. This module
utilizes Steven
Seeley (@stevenseeley)'s writeup al
1 min
Metasploit
Open Source Security Meetup (OSSM): Virtual Edition
The Rapid7 Metasploit team will be hosting our annual Open Source Security Meetup (OSSM) as a virtual event Thursday, August 6th!
8 min
Cloud Security
Cloud Best Practices Every Security Professional Should Know
In part one of this series on the cloud and cloud security for security professionals, we dove into everything you’ve ever wanted to know about the cloud.
3 min
Vulnerability Management
Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know
On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.
3 min
Public Policy
Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Here is our response.
3 min
InsightConnect
Plugin Development Made Easy With Rapid7
The Rapid7 Integrations Team is focused on making plugin development an easy process for all security practitioners, not just those with a programming background.
4 min
Vulnerability Management
Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution
In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/24/20
Yes, it’s a huge enterprise vulnerability week (again)
For our 100th release since the release of 5.0
18 months ago, our own
zeroSteiner got us a nifty module for the SAP
"RECON" vulnerability
affecting NetWeaver version 7.30 to 7.50. It turns out those versions will allow
anyone to create a
3 min
Rapid7 Culture
#Rapid7Life in a Remote World: Building the Bridge While We Cross
Upon news of our temporarily closed global office spaces to ensure employee health and safety, we made the quantum leap to a remote world and workplace.
3 min
Vulnerability Management
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know
On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.
4 min
InsightIDR
What’s New in InsightIDR: H1 2020 in Review
This post offers a closer look at select highlights of what’s new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020.
5 min
InsightVM
Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder
During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.
6 min
InsightIDR
Defense in Depth Using Deception Technology in InsightIDR
Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.