5 min
Career Development
The Rapid7 Sales Culture and Experience: An Inside Look From 2 VPs
We asked two sales leaders who recently joined our team to tell us a little about themselves and why they chose Rapid7 as the next step in their journeys.
5 min
Cloud Security
What It Takes to Securely Scale Cloud Environments at Tech Companies Today
Here are three ways to help empower your teams to take advantage of the many benefits of public cloud infrastructure without sacrificing security.
7 min
Vulnerability Disclosure
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.
4 min
Ransomware
A Year on from the Ransomware Task Force Report
We're marking the anniversary of the Ransomware Task Force’s (RTF) report, which offered 48 recommendations to deter and respond to ransomware attacks
7 min
DFIR
DFIR Without Limits: Moving Beyond the “Sucker's Choice” of Today’s Breach Response Services
Now, DFIR engagements are part of the core Managed Detection and Response service from Rapid7.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 5/20/22
Zyxel firewall unauthenticated command injection
This week, our very own Jake Baines added an
exploit module that leverages CVE-2022-30525
, an
unauthenticated remote command injection vulnerability in Zyxel firewalls with
zero touch provisioning (ZTP) support. Jake is also the author of the original
research and advisory
2 min
InsightIDR
Are You in the 2.5% Who Meet This Cybersecurity Job Requirement?
Multitasking has become a cybersecurity job requirement, but with the right technology, there could be a better way.
2 min
Emergent Threat Response
CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
On May 18, 2022, VMware published an advisory on CVE-2022-22972, a critical authentication bypass affecting multiple solutions.
3 min
Application Security
Find, Fix, and Report OWASP Top 10 Vulnerabilities in InsightAppSec
The OWASP 2021 Attack Template and Report for InsightAppSec helps you use the updated categories from OWASP to inform and focus your AppSec program.
1 min
InsightVM
Maximize Your VM Investment: Fix Vulnerabilities Faster With Automox + Rapid7
The new Automox plugin for Rapid7 InsightConnect closes the aperture of attack for vulnerability findings and automates remediation.
4 min
Metasploit
Metasploit Weekly Wrap-Up: 5/13/22
Spring4Shell module
Community contributor vleminator added a new
module which
exploits CVE-2022-22965
—more
commonly known as "Spring4Shell." Depending on its deployment configuration
, Java Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19
3 min
Cloud Security
Update for CIS Google Cloud Platform Foundation Benchmarks - Version 1.3.0
The Center for Internet Security (CIS) recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0.
5 min
Vulnerability Disclosure
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.
7 min
Vulnerability Management
Patch Tuesday - May 2022
This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem.
3 min
Cybersecurity
What's Changed for Cybersecurity in Banking and Finance: New Study
The results of a new VMware study show a changing landscape for cybersecurity in banking and finance.