Posts tagged Research

2 min Research

25 Years of Nmap: Happy Scan-iversary!

On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.

4 min Research

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Here's a look at two Rapid7 researchers' presentations from Black Hat 2022, and how their efforts are helping push open-source security forward.

3 min Application Security

Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec

InsightAppSec's new application discovery feature, powered by Rapid7's Project Sonar, helps security teams know what apps are exposed to the internet.

21 min Vulnerability Disclosure

Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software

Rapid7 discovered vulnerabilities and non-security issues affecting Cisco ASA, ASDM, and FirePOWER Services Software for ASA.

5 min Vulnerability Disclosure

CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE

The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.

4 min Events

What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022

Here's a sneak peek of what we have planned from August 9-12 at the all-star lineup of cybersecurity sessions in Las Vegas, including Black Hat 2022.

9 min Vulnerability Disclosure

QNAP Poisoned XML Command Injection (Silently Patched)

In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what may be an entirely new vulnerability.

8 min Vulnerability Disclosure

Primary Arms PII Disclosure via IDOR (FIXED)

Primary Arms, a popular e-commerce site dealing in firearms and related merchandise, suffers from an insecure direct object reference (IDOR) vulnerability.

3 min Ransomware

To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved

Our research shows the "market share" of ransomware groups and how much they focused on different types of data.

2 min Research

Today’s SOC Strategies Will Soon Be Inadequate

New research sponsored by Rapid7 explores the momentum behind SOC modernization and the role extended detection and response (XDR) plays.

3 min Ransomware

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.

3 min Ransomware

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.

5 min Vulnerability Disclosure

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.

4 min Vulnerability Disclosure

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.

4 min Ransomware

New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers

"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.