3 min
Gartner
Gartner® Report: Questions to Ask When Selecting an MDR Provider
In an ongoing effort to help security organizations thoughtfully consider potential providers, we’re pleased to offer this complimentary Gartner® report, Quick Answer: What Key Questions Should I Ask When Selecting an MDR Provider?
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/13/23
New module content (2)
Gather Dbeaver Passwords
Author: Kali-Team
Type: Post
Pull request: #17337
contributed by cn-kali-team
Description: This adds a post exploit module that retrieves Dbeaver session data
from local configuration files. It is able to extract and decrypt credentials
stored in these files for any version of Dbeaver installed on Windows or
Linux/Unix systems.
Gather MinIO Client Key
A
2 min
XDR
2023 Extended Detection & Response (XDR) Buyer's Guide
It may be a while before we know exactly what happened with NOTAM. But, if you rely on outdated technology, it's clear that the time to act is now.
4 min
Open Source
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor.
18 min
Ransomware
Increasing The Sting of HIVE Ransomware
Recently, Rapid7 observed a malicious actor performing several new techniques for increasing the impact of HIVE ransomware a victim’s environment.
2 min
XDR
Ditch The Duct Tape: Reduce Security Sprawl With XDR
According to the Silicon Valley Business Journal, enterprises now manage an average of 76 security tools. XDR is one way security teams are dealing with the sprawl.
8 min
Vulnerability Management
Patch Tuesday - January 2023
The first Patch Tuesday of 2023 sees Microsoft patching nearly 100 CVEs, including two zero-day vulnerabilities.
4 min
InsightVM
Year in Review: Rapid7 Vulnerability Management
For the InsightVM and Nexpose team, 2022 began with a lot of introspection on how we can add more value and better meet customer needs.
3 min
Metasploit Weekly Wrapup
Metasploit Weekly Wrap-Up: Jan. 1, 2023
Back from a quiet holiday season
Thankfully, it was a relatively quiet holiday break for security this year, so
we hope everyone had a relaxing time while they could. This wrapup covers the
last three Metasploit releases, and contains three new modules, two updates, and
five bug fixes.
Make sure that your OpenTSDB isn’t too open
Of particular note in this release is a new module from community contributors
Erik Wynter and Shai rod
4 min
Research
Year in Review: Rapid7 Cybersecurity Research
Rapid7 is dedicated to conducting research that benefits the entire cybersecurity community. Here is a sampling of our efforts in 2022.
1 min
Rapid7 Culture
Rapid7 Announces Global Days Off to Support Employees in 2023
On January 3rd, it was a little bit quieter than usual here at Rapid7. That's because our offices were closed for our first of five Global Days Off for 2023.
5 min
Haxmas
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time
to give thanks to all the people that help make our load a little bit lighter.
So, while this end-of-year wrap-up is a highlight reel of the headline features
and extensions that landed in Metasploit-land in 2022, we also want to express
our gratitude and appreciation for our stellar community of contributors,
maintainers, and users. The Metasploit team merged 824 pull requests across
Metasploit-related projects in 20
2 min
IoT
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.
5 min
Vulnerability Disclosure
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.
4 min
Cybersecurity
The 2022 Naughty and Nice List
We asked a few of our experts to share what they think deserves to be on the cybersecurity naughty list and what needs to be on the nice list for 2022.