11 min
Research
The Masked SYNger: Investigating a Traffic Phenomenon
At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.
3 min
InsightVM
Finding Flexibility in Your Vulnerability Management Solution
In this post, we’re sharing the three key areas of flexibility within InsightVM, and how this can benefit your vulnerability management initiatives.
2 min
Metasploit
Metasploit Wrap-Up: 5/22/20
Bad WebLogic
Our own Shelby Pace authored an exploit taking
advantage of a Java object deserialization vulnerability in multiple different
versions of WebLogic. The new module has been tested with versions v12.1.3.0.0,
v12.2.1.3.0, and v12.2.1.4.0 of WebLogic and allows remote code execution
through the of sending a serialized BadAttributeValueExpException object over
the T3 protocol to vulnerable WebLogic servers.
Cram it in your Pi-Hole
As the incredibly origina
6 min
Managed Detection and Response (MDR)
Managing Cybersecurity in the Real Estate Industry
We sat down with Tony Hamil, the senior cybersecurity engineer for a real estate development company, to hear how he and his team are managing security.
6 min
InsightVM
Q&A from April 2020 Customer Webcast on InsightVM Dashboards & Executive Summary Report
In this blog post, we wanted to address a number of commonly asked questions regarding InsightVM Dashboards.
6 min
Verizon DBIR
Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)
In this blog, the Rapid7 Labs team has you covered with our annual Reader’s Guide for the 2020 Verizon Data Breach Investigations Report.
3 min
Remote Working
Integrity Is Indispensable: Assessing Partnerships and Performance Metrics in a Crisis Response
On our third installment of Rapid7’s Remote Work Readiness Series, join us as we reflect on how to leverage partnerships to build trust and mitigate risk.
2 min
InsightVM
Rapid7’s InsightVM Receives Five Stars from SC Magazine
We’re proud to announce that Rapid7’s InsightVM solution was recently reviewed by SC Magazine and received a five-star report.
2 min
Metasploit
Metasploit Wrap-Up: 5/15/20
Five new modules, including SaltStack Salt Master root key disclosure and unauthenticated RCE on Salt master and minion. A new Meterpreter fix also ensures correct handling of out-of-order packets in pivoted sessions.
9 min
Security Operations (SOC)
Moving Toward a Better Signature Metric in SOCs: Detection Efficacy
In this blog, we break-down the "Detection Efficacy" metric within the Security Operation Center (SOC).
2 min
InsightConnect
How to Simplify InsightConnect Workflows Using Join Step
In this blog, we discuss how to simplify your InsightConnect workflows by using the Join Paths Step.
2 min
Vulnerability Management
Patch Tuesday - May 2020
Microsoft's fifth Patch Tuesday
of the year brings us fixes for 111 different security issues, just a touch
under what we saw from them last month
but still on the higher side of their typical volume. No 0-days to speak of, and
no vulnerabilities that had been publicly disclosed before today.
The bulk of this month's fixes, as well as most of the critical ones, are fo
4 min
Vulnerability Management
Three Switching Costs to Consider When Evaluating a New Vulnerability Management Solution
If you’re looking to switch vulnerability management solutions, read on as we discuss three areas to consider and how to communicate them to leadership.
2 min
Cloud Security
DivvyCloud by Rapid7 Announces New Infrastructure as Code Security Capability
DivvyCloud by Rapid7, the leading cloud security platform, today released a new core capability, Infrastructure as Code (IaC) Security. This capability integrates cloud security into the DevOps process, improving developer productivity and preventing cloud security issues during the build process.
5 min
Preparing for the Cybersecurity Maturity Model Certification (CMMC), Part 2: The Larger Picture
In part two of our "Preparing for the Cybersecurity Maturity Model Certification" series, we take a deeper dive to understand how the framework is designed.