3 min
COVID-19
Optimizing Security in the Work-From-Home Era
In this blog, we discuss how to optimize security during the work-from-home era.
4 min
Vulnerability Management
May 2020 Cisco Remote Vulnerabilities Guidance
Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.
5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: May 8, 2020
Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.
3 min
Application Security
Best Practices for Securing e-Commerce Applications
Learn why e-commerce security is becoming more necessary than ever before, and steps to take to ensure applications are safe from a vulnerability or data breach.
4 min
Vulnerability Management
How to Increase Your Security Team's Visibility Within Your Organization—And What Happens When You Do
In this post, we’ll discuss how you can increase visibility and communication across the organization to improve your team’s reputation and resources.
3 min
SOAR
Why SOAR Is an Essential Cybersecurity Tool for Financial Services Companies
With an efficient and productive cybersecurity process in mind, let’s take a look at how SOAR helped a financial organization protect its customers.
3 min
Detection and Response
5 Challenges Outsourced Detection and Response Operations Can Help Solve
In this blog, we discuss five challenges that managed detection and response (MDR) operations can help solve.
3 min
Metasploit
Metasploit Wrap-Up 5/1/20
Windows Meterpreter payload improvements
Community contributor OJ has made improvements to
Windows Meterpreter payloads. Specifically reducing complexity around extension
building and loading. This change comes with the benefit of removing some
fingerprint artifacts, as well reducing the payload size as a side-effect.
Note that Windows meterpreter sessions that are open prior to this bump will not
be able to load new extensions after the bump if they connect with a new
in
2 min
Application Security
Gartner® Recognizes Rapid7
Vulnerability Management for Application Security Capabilities
Recently, Rapid7 was the only full stack vulnerability risk management vendor to be recognized for Application Security Testing by an industry-leading third-party research firm.
1 min
Cloud Security
Rapid7 Announces Intent to Acquire DivvyCloud
We are thrilled to announce that today we have entered into a definitive agreement to acquire DivvyCloud.
5 min
Research
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.
3 min
COVID-19
The Healthcare Security Pro's Guide to Ransomware Attacks
In this blog, we discuss the best practices to defend against ransomware attacks in the healthcare industry.
3 min
Metasploit
Metasploit Wrap-Up 4/24/20
Security fix for the libnotify plugin (CVE-2020-7350)
If you use the libnotify plugin to keep track of when file imports complete, the
interaction between it and db_import allows a maliciously crafted XML file
to execute arbitrary
commands on your system. In proper Metasploit fashion, pastaoficial
PR'd a file format exploit to go along with
the fix, and our own smcintyre-r7
6 min
COVID-19
Stuck Inside? Top Books We Recommend Security Pros Read During Quarantine
Whether you’re looking to brush up on your security skills or curl up with a page-turner, here are our top book picks to quell your quarantine boredom.
3 min
InsightIDR
How InsightIDR Is Accelerating Detection and Response in Modern Environments
According to The Total Economic Impact™ Of Rapid7 InsightIDR, customers experience increased visibility, decreased incident response time, and significant cost savings after switching to InsightIDR from their previous SIEM.