2 min
Rapid7 Perspective
Standing Together: A Public Statement from Rapid7 CEO Corey Thomas
It has been shocking for many people in the United States and around the world to see the stark racial injustice and inequality that still exists in the US.
3 min
Rapid7 Perspective
How to Start a Career in Cybersecurity: From Stay-at-Home Mom to Security Pro-in-Training
My name is Carlota Bindner, and here is my story on how I went from being a stay-at-home mom and community volunteer to participating in Rapid7's Security Consultant Development Program.
8 min
Public Policy
The IoT Cybersecurity Improvement Act of 2019
In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.
2 min
Rapid7 Perspective
Helping Kids Hack the Future: Rapid7 Supports BoSTEM Program in Pi Day Fundraiser
Children are our future. That’s why we’re stepping up to support a matching fundraising effort for BoSTEM.
3 min
Rapid7 Perspective
Rapid7 Included in 2019 Bloomberg Gender-Equality Index for Commitment to Diversity
We are extremely proud to announce that Rapid7 has been included in the 2019
Bloomberg Gender-Equality Index (GEI), which recognizes organizations for being
transparent in their commitment to gender equality. We are thrilled by this, as
the GEI’s scoring method celebrates both our best-in-class elements, as well as
our willingness to disclose our efforts toward creating a gender-neutral
organization. It also helps us to understand our performance and identify
opportunities to continue to learn a
5 min
Rapid7 Perspective
Actually, Grindr is Fine: FUD and Security Reporting
On Wednesday, March 28, NBC reported Grindr security flaws expose users'
location data
[https://www.nbcnews.com/feature/nbc-out/security-flaws-gay-dating-app-grindr-expose-users-location-data-n858446]
, a story which ticks a couple hot-button topics for security professionals and
security reporters alike. It’s centered around the salacious topic of online
dating in the LGBT community, and hits a personal safety concern for people
using the app everywhere, not to mention the possibility of outing
3 min
Threat Intel
Rapid7 Threat Report: Q4 2017 Threat Report and 2017 Wrap-up
Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up!
2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up
Get the Full Report
[https://www.rapid7.com/info/threat-report/2017-q4-threat-report]
We could not have picked a better year to start doing this, as 2017 was one for
the books. While we spent most of the year falling headfirst into a world where
nation-state tools are available for anyone to use, the worm re-emerged (now
evolved [/2017/06/27/petya-ransomware-explai
2 min
Public Policy
FCC Repeals Net Neutrality: What Now?
[Update 05/16/18: The US Senate passed a resolution
[https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led
by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7
supports the resolution and other efforts to effectively reinstate net
neutrality safeguards.]
This week, Rapid7 hosted an event with Massachusetts’ Edward J. Markey and a
number of Boston’s technology and business leaders to protest the likely repeal
of net neutrality. Our CEO, Corey T
4 min
Rapid7 Perspective
Attention Humans: The ROBOT Attack
What’s the ROBOT Attack?
On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovsky and
Craig Young published a paper, website, testing tool, and CTF at robotattack.org
[https://robotattack.org] detailing a padding oracle attack that affects the way
cryptography is handled on secure websites. ROBOT, which stands for Return Of
Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption
standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a
secur
2 min
Rapid7 Perspective
Standing with Massachusetts technology leaders in support of net neutrality
On Monday, Rapid7 will host Senator Edward J. Markey and a group of technology
and business leaders from across Massachusetts as we stand in support of net
neutrality. Together, we’ll affirm our commitment to a free and open internet
that promotes growth and innovation and gives all users broad access to internet
content.
At the heart of net neutrality is the principle that internet service providers
must treat all content transmitted across the internet equally. In practice,
this means that IS
5 min
Rapid7 Perspective
NCSAM Security Crash Diet, Week 2: Social and Travel
Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet' for National Cyber Security Awareness Month. This week focused on social sharing and travel security.
3 min
Rapid7 Perspective
NCSAM: A Personal Security Crash Diet
We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.
2 min
Vulnerability Management
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On?
Yesterday’s Apache Struts vulnerability announcement
[https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/]
describes an XML Deserialization issue in the popular Java framework for web
applications. Deserialization of untrusted user input, also known as CWE-502
[https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known
vulnerability pattern, and I would expect crimeware kits to
7 min
Rapid7 Perspective
2017 Cybersecurity Horoscopes
What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked
crystal balls, and cast runes to peer into the future. See what the signs have
in store for you in the new year.
Sage Corey Thomas, Rapid7
Gazing into the future of 2017, I believe we will continue to see market
consolidation of security vendors. With a focus on increasing productivity,
organizations will move further from disparate, point-solutions that solve just
one problem to solutions that can be leveraged through
4 min
IoT
On the Recent DSL Modem Vulnerabilities
by Tod Beardsley [https://twitter.com/todb] and Bob Rudis
[https://twitter.com/hrbrmstr]
What's Going On?
Early in November, a vulnerability was disclosed affecting Zyxel DSL modems,
which are rebranded and distributed to many DSL broadband customers across
Europe. Approximately 19 days later, this vulnerability was leveraged in
widespread attacks across the Internet, apparently connected with a new round of
Mirai botnet activity.
If you are a DSL broadband customer, you can check to see if yo