4 min InsightVM

InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning

Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.

2 min Cloud Security

A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 2

Neither the agent-based nor agentless cloud security approach is better than the other. In some cases, it could be beneficial to leverage both.

3 min InsightAppSec

Solving the Access Goldilocks Problem: RBAC for InsightAppSec Is Here

Role-Based Access Control (RBAC) lets you flexibly provide the right levels of access to InsightAppSec for each role on your security team.

2 min Emergent Threat Response

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: Oct. 29, 2021

Modules for Apache Server, Sophos UTM, the OMIgod RCE, and more. Plus, support for reverse port forwarding via established SSH sessions.

12 min Malware

Infostealer Malware Masquerades as Windows Application

Rapid7's Managed Detection and Response (MDR) team recently identified a malware campaign whose payload installs itself as a Windows application.

6 min Research

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2

In part 2 of our series on Rapid7's IoT hacking exercise from DefCon 29, we look at how to determine whether the header we created is UART.

3 min Rapid7 Culture

Rapid7 Announces Tampa Office Opening

We're thrilled to announce that Rapid7 is expanding its US office footprint with the opening of our newest location in Tampa, Florida.

2 min Emergent Threat Response

NPM Library (ua-parser-js) Hijacked: What You Need to Know

For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.

3 min Research

Recog: Data Rules Everything Around Me

Rapid7 has updated the recog framework to help solve the conundrum of content versus code.

5 min Risk Management

2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk

Rapid7 experts spoke with a group of industry panelists about the challenges of supply chain security and how their organizations are tackling them.

2 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 10/22/21

Metasploit's first modules targeting Kubernetes, plus Windows support for exploiting Confluence Server CVE-2021-26084.

4 min Research

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1

At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.

4 min Cloud Security

A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 1

When it comes to securing your cloud assets' activities at runtime, the first step is deciding how.

7 min Application Security

OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

Injection claimed the number 3 spot in OWASP's 2021 Top 10 application security risks. We highlight why injection remains such a formidable threat.