3 min
Cloud Security
2022 Cloud Misconfigurations Report: Cloud Security Breaches and Attack Trends
In the 2022 Cloud Misconfigurations Report, we reviewed 68 accounts of breaches from 2021. Let's take a brief look at some of the findings.
5 min
Vulnerability Management
What's New in InsightVM and Nexpose: Q1 2022 in Review
The product updates our vulnerability management (VM) team has made to InsightVM and Nexpose in the last quarter will empower you to stay in charge — not the vulnerabilities.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 4/15/22
Meterpreter Debugging
A consistent message Metasploit hears from users is that debugging and general
logging support could be improved. The gaps in functionality make it difficult
for users to understand what happens when things go wrong and for new and
existing developers to fix bugs and add new features. The Metasploit team has
been trying to improve this in various parts of the framework, the most recent
being Meterpreter. Meterpreter payloads now have additional debugging options
that can be
3 min
InsightAppSec
InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
In Q1 2022, we've continued to improve InsightAppSec and tCell to help organizations shift left and automate security testing prior to deployment.
6 min
Cloud Security
InsightCloudSec Supports the Recently Updated NSA/CISA Kubernetes Hardening Guide
The NSA and CISA recently updated their Kubernetes Hardening Guide. Here's how InsightCloudSec supports the updated guidance.
4 min
Emergent Threat Response
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.
11 min
Vulnerability Management
Patch Tuesday - April 2022
From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.
4 min
Research
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.
3 min
XDR
3 Ways InsightIDR Users Are Achieving XDR Outcomes
Users of InsightIDR, Rapid7's cloud SIEM and XDR solution, are already making XDR outcomes a reality.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/8/22
Five new modules targeting Windows, Linux, macOS, and more. Plus, updates to the Log4Shell scanner and a new Windows Meterpreter option to enable additional logging visible in DbgView
2 min
Career Development
7 Rapid Questions: Meet Adrian Stewart, Aspiring Pilot Turned Product Manager
In this installment of 7 Rapid Questions, we talk to Adrian Stewart, a product manager working on InsightAppSec.
8 min
Research
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.
4 min
Rapid7 Culture
The Forecast Is Flipped: Flipping L&D in New Hire Training
The Rapid7 People Development team challenged convention and recently evolved the onboarding program to address the needs of our evolving business and the future of work.
3 min
Managed Detection and Response (MDR)
MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)
Now, Threat Command’s threat intelligence platform (TIP) content is integrated with our leading detection and response products and services.
5 min
InsightIDR
What's New in InsightIDR: Q1 2022 in Review
We highlight the updates we made to InsightIDR in Q1 2022 to help you save time while still leveling up your detection and response program.