2 min
Research
Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know
The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/29/19
Introducing Metasploit Development Diaries
We are happy to introduce a new quarterly series, the Metasploit Development Diaries. The dev diaries walk users and developers through some example exploits and give detailed analysis of how the exploits operate and how Metasploit evaluates vulnerabilities for inclusion in Framework. The first in the dev diaries series features technical analysis by sinn3r and includes modules from community members and fellow rese
2 min
Threat Intel
Why and Where Cybercriminals Attack the Hospitality Industry
The gaming, leisure, and hospitality industry has been increasingly targeted by cybercrime and faces a unique set of security challenges.
3 min
Vulnerability Disclosure
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.
3 min
Whiteboard Wednesday
How to Gain Security Visibility into a Modern Environment
In our latest installment of Whiteboard Wednesday, we break down the step-by-step approach you can take to gain visibility across a modern environment and the main areas you should focus on.
8 min
Public Policy
The IoT Cybersecurity Improvement Act of 2019
In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.
2 min
Events
Rapid7’s Partner Summit 2019: Thank You to Our Partners in EMEA!
We recently hosted our hugely successful EMEA Partner Summit 2019 in Portugal, meeting with over 85 partners from over 27 countries all around Europe, the Middle East, and Africa.
2 min
Metasploit
Introducing the Metasploit Development Diaries
In our new Metasploit Development Diaries series, we will share stories of how exploitable conditions become stable, seasoned Metasploit Framework modules.
4 min
Phishing
Tips for a Successful Phishing Engagement
Many factors can go into making a phishing engagement a success, so in this blog, we will share some tips for making sure your organization gets the most out of its upcoming engagement.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Mar. 22, 2019
Spring is here: Four new modules and metashell improvements.
1 min
InsightVM
Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
5 min
Research
Buy One Device, Get Data Free: Private Information Remains on Donated Tech
When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them?
5 min
Customer Perspective
Customer Perspective: How to Build an Agile Security Program in Rapidly Changing Times
In this post, Chaim Mazal of ActiveCampaign shares his best practices for building a security program amid chaos and rapid change.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 3/15/19
elFinder remote command injection
elFinder is a client-side open-source file manager tool written for web applications. In a browser it has the look and feel of a native file manager application. It ships with a PHP connector, which integrates the client side with the back end server. The connector provides the ability for unauthenticated users to upload an image and resize it. It does so by shelling