10 min
Managed Detection and Response (MDR)
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
8 min
Incident Response
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Rapid7 observes ongoing social engineering campaign consistent with Black Basta
7 min
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
5 min
SOAR
Grey Time: The Hidden Cost of Incident Response
The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming.
1 min
Public Policy
Incident Reporting Regulations Summary and Chart
A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.
9 min
Public Policy
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.
5 min
Vulnerability Management
How to Strategically Scale Vendor Management and Supply Chain Security
Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.
3 min
Detection and Response
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.
4 min
Public Policy
New US Law to Require Cyber Incident Reports
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
3 min
Incident Response
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.
2 min
Incident Response
Rapid7’s Response to Codecov Incident
Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the
5 min
Managed Detection and Response (MDR)
MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support
Having the best threat detection methodologies, a streamlined and efficient process for validating threats, and a rock-solid reporting standard may still leave you open to unexpected costs.
4 min
Detection and Response
Attack vs. Data: What You Need to Know About Threat Hunting
While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from.
1 min
Detection and Response
InsightIDR’s NTA Capabilities Expanded to AWS
We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments.