Posts tagged Vulnerability Management

3 min InsightVM

What’s New in InsightVM: Q1 2021 in Review

Here now is a rundown of new features and functionality launched in Q1 2021 for InsightVM and Insight Cloud. We hope you can begin to leverage these changes to drive success across your organization.

2 min Emergent Threat Response

Codecov Discloses Supply Chain Compromise

On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.

2 min Vulnerability Management

Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM

InsightVM’s Executive Summary Report has proved to be a powerful tool, and we’re excited to announce that it just got better.

9 min Patch Tuesday

Patch Tuesday - April 2021

Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical by Microsoft. Let's dive in! New Exchange Server Patches Available If you were only going to patch one thing today, please let it be this. Exchange Server has been a hot topic since the vulnerabilities

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

2 min Research

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.

9 min Vulnerability Management

Patch Tuesday - March 2021

Another Patch Tuesday (2021-Mar [https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and with this month comes a whopping 122 CVEs.  As usual Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild. Vulnerability Breakdown by S

3 min Cloud Security

How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments

The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and everything you’re working with.

4 min Emergent Threat Response

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

4 min Vulnerability Management

Building a Holistic VRM Strategy That Includes the Web Application Layer

Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

4 min InsightVM

New InsightVM Dashboard Helps You Discover Significant Changes in Your Environment from the Past 30 Days

Organizations are in a constant struggle to identify and reduce risks in their constantly changing environments

4 min Vulnerability Disclosure

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function."