4 min
Ransomware
2023 Ransomware Stats: A Look Back To Plan Ahead
As we step into 2024, the first victims of ransomware attacks are already being reported. What can the 2023 ransomware stats tell us about the year that was, and how can we use them to plan for the year ahead?
3 min
CISOs
4 Questions for CISOs to Reduce Threat Exposure Risk
The report, 2024 Strategic Roadmap for Managing Threat Exposure, can help CISOs and other top executives steer away from risk by analyzing their attack surfaces for gaps.
7 min
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.
7 min
Patch Tuesday
Patch Tuesday - January 2024
Hyper-V critical RCE. Office FBX 3D model vuln. SharePoint RCE. Critical Kerberos MitM. No zero-days. Smallest January PT for several years.
2 min
Metasploit
Metasploit Weekly Wrap-Up 1/05/2024
New module content (2)
Splunk __raw Server Info Disclosure
Authors: KOF2002, h00die, and n00bhaxor
Type: Auxiliary
Pull request: #18635 contributed by n00bhaxor
Path: gather/splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information disclosure vulnerability. This module gathers information about the host machine and the Splunk install including OS version, build, CP
5 min
Career Development
Rapid7’s Data-Centric Approach to AI in Belfast
Read on to find out more about the importance of data and AI at Rapid7!
2 min
Career Development
Rapid7 Recognized by Newsweek as one of ‘America’s Greatest Workplaces for Diversity for 2024’.
On December 13th, Newsweek Magazine published their list of ‘America’s Greatest Workplaces for Diversity for 2024’.
6 min
IoT
Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities
Rapid7, Inc. (Rapid7) discovered vulnerabilities in the Aladdin Connect retrofit kit garage door opener and the Android mobile application produced by Genie.
8 min
Metasploit
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community.
Version 6.3
Early this year in January, Metasploit version 6.3 was released with a number of improvements for targeting Active Dir
10 min
Velociraptor
Velociraptor 0.7.1 Release
Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities that add to the power and efficiency of this open-source digital forensic and incident response (DFIR) platform.
5 min
Vulnerability Management
Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response
The convergence of operational technology (OT) and information technology (IT) has ushered in new efficiencies but has also exposed vulnerabilities. This article explores the pivotal role of Vulnerability Management and Detection and Response (VM/DR) in the realm of Industrial Cybersecurity.
1 min
IoT
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime.
2 min
Metasploit
Metasploit Weekly Wrap-Up: Dec. 22, 2023
Metasploit has added exploit content for the glibc LPE CVE-2023-4911 (AKA Looney Tunables) and RCE exploits for Confluence and Vinchin Backup and Recovery.
3 min
Artificial Intelligence
Securely Build AI/ML Applications in the Cloud with Rapid7 InsightCloudSec
Advancements in Artificial Intelligence and Machine Learning have marked a transformative era, influencing virtually every facet of our lives. As society embraces these advancements, the implications of Generative AI and LLMs extend across diverse sectors.
6 min
Managed Threat Complete
What’s New in Rapid7 Products & Services: 2023 Year in Review
Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, prevent breaches earlier, and respond faster to threats.