5 min
Customer Perspective
Customer Perspective: How to Build an Agile Security Program in Rapidly Changing Times
In this post, Chaim Mazal of ActiveCampaign shares his best practices for building a security program amid chaos and rapid change.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/15/19
elFinder remote command injection
elFinder is a client-side open-source file manager tool written for web applications. In a browser it has the look and feel of a native file manager application. It ships with a PHP connector, which integrates the client side with the back end server. The connector provides the ability for unauthenticated users to upload an image and resize it. It does so by shelling
2 min
Rapid7 Perspective
Helping Kids Hack the Future: Rapid7 Supports BoSTEM Program in Pi Day Fundraiser
Children are our future. That’s why we’re stepping up to support a matching fundraising effort for BoSTEM.
4 min
Detection and Response
Forrester Tech Tide for Detection and Response: Is 2019 the Year of Convergence?
Rapid7 was recently recognized for capabilities spanning security user behavior analytics, security analytics, deception technology, SOAR, and file integrity monitoring.
3 min
InsightIDR
Utilize File Integrity Monitoring to Address Critical Compliance Needs
To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748, a remote code execution (RCE) vulnerability in the Acces
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.
4 min
Research
Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200
Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.
3 min
Metasploit
Metasploit Wrap-Up 3/8/19
The Payload UUID and paranoid mode Meterpreter payload and listener features were first introduced and added to many HTTP and TCP Metasploit payloads in mid-2015.
3 min
Customer Perspective
Seasoned Pros Share Career Advice for Cybersecurity Success
In this blog, seasoned pros share what they’ve learned over the course of their careers that would have made a significant impact if they were just setting off at the starting gate.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/1/19
An improvement to HTTP command stagers allows exploits to write on-disk stagers to the location of your choosing.
2 min
Research
Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know
This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.
3 min
Automation and Orchestration
How Security Automation Enables Business Agility
How can any organization’s security team balance these priorities in a rapidly shifting security landscape while staying agile? Automation.
3 min
Vulnerability Management
Why Most Vulnerability Management Programs Fail and What You Can Do About It
In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.
4 min
Vulnerability Management
Checkmate! How to Win at Vulnerability Management Using the Game of Chess
Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.