5 min
Vulnerability Management
Redefining How to Measure the Success of Your Vulnerability Management Program
In this post, we’ll discuss which vulnerability risk management metrics matter and which ones don’t, and how to communicate them effectively.
5 min
How Rapid7 Customer Hilltop Holdings Integrates Security Tools for a Multi-Layered Approach
We interviewed Hilltop Holdings' director of security operations about how his organization approaches multi-level security in the financial industry.
2 min
COVID-19
Our Commitment to Keeping Your Organization Secure During COVID-19
COVID-19 has created a great deal of concern and uncertainty, and we want to reassure you that your security remains our top priority.
3 min
COVID-19
How to WFH and Keep Your Digital Self Safe
In this blog, we discuss how to work from home (WFH) and keep your digital self safe.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 3/13/20
Four new modules and lots of productivity enhancements. You can now run `rubocop -a` to automatically fix most formatting issues when developing modules. Plus, try the new `tip` command in MSF for Framework usage tips!
4 min
Vulnerability Management
How to Understand the TCO and ROI of Your Vulnerability Management Program
In this blog, we discuss the total cost of ownership (TCO) compared to the potential return on investment (ROI) of your Vulnerability Management program.
3 min
Risk Management
CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis
Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.
4 min
InsightIDR
3 Common Threats to Look for in Your Network Data
Today, we'll be highlighting three common threats to keep an eye out for in your network data and the best methods of remediation.
4 min
InsightConnect
Why Our Future in InfoSec Depends on Automation
In this blog, we discuss why our future in Information Security depends on automation.
2 min
Vulnerability Management
Patch Tuesday - March 2020
Let's start off talking about CVE-2020-0688 from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity happening on unpatched Exchange
3 min
Podcast
Talking the Origins of THOTCON with Founder Nick Percoco
In a recent episode of Security Nation, we sat down with THOTCON founder Nick Percoco to discuss the Chicago-based security conference.
4 min
InsightVM
How to Secure Containers, Applications, and Serverless Environments
In the final post of our four-part series on security in the cloud, we explain how to secure containers, applications, and serverless environments.
3 min
Metasploit
Metasploit Wrap-Up 3/6/20
Gift exchange
If you're looking for remote code execution against Microsoft Exchange, Spencer McIntyre crafted up a cool new module targeting a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. Vulnerable versions of Exchange don't randomize keys on a per-installation basis, resulting in reuse of the same validationKey and decryptionKey values. With knowledge of these, an at
4 min
Vulnerability Disclosure
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.
4 min
Penetration Testing
Lessons Learned from an Unlikely Path to My OSCP Certification
In this blog, our own Patrick Laverty discusses lessons learned from his path to an Offensive Security Certified Professional (OSCP) certification.