1 min
Lost Bots
[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition
In this extra installment of The Lost Bots, Mike Cohen tells Jeffrey about Velociraptor's 2021 Contributor Competition.
3 min
Managed Detection and Response (MDR)
Rapid7 MDR Named a Market Leader, Again!
Rapid7 is thrilled to be recognized as a Leader in the IDC MarketScape for 2021.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
4 min
Career Development
Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
We talked with a few of our North America Account Executives to hear firsthand about why they chose to join Rapid7 (even during a pandemic), how they learned about the company, and why they’d recommend Rapid7 as a great place to work.
4 min
Threat Intel
What It Was Like to Attend Black Hat USA 2021 and DEF CON 29 in Person
I attended Black Hat USA 2021 and DEF CON 29, marking the fifth time that I made this annual pilgrimage to Las Vegas for cybersecurity professionals.
3 min
Awards
Rapid7 Announces Partner of the Year Awards 2021 Winners
It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2021.
5 min
Cybersecurity
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.
1 min
Cybersecurity
[The Lost Bots] Episode 3: Stories From the SOC
In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/13/21
Three new modules that deliver RCE on Atlassian Crowd and privilege escalation to SYSTEM via print drivers. Plus, a new command shell session type for SSH clients and plenty more enhancements and fixes.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min
Incident Response
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.
4 min
Emergent Threat Response
ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.
7 min
Emergent Threat Response
Popular Attack Surfaces, August 2021: What You Need to Know
Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.
10 min
Public Policy
Reforming the UK’s Computer Misuse Act
The CMA is the UK’s anti-hacking law, and we've provided feedback on the issues we see with the legislation.
3 min
Cloud Security
Cloud Security Glossary: Key Terms and Definitions
The cloud security experts here at Rapid7 have created a list of key terms and concepts to help you continue your journey into cloud security and DevSecOps with clarity and confidence.