4 min
Vulnerability Management
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.
4 min
Vulnerability Management
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.
10 min
Application Security
Unlocking the Power of Macro Authentication in Application Security: Part Three
This is the third and final installment of our series "Unlocking the Power of Macro Authentication in Application Security."
2 min
Public Policy
Rapid7 joins CFAA brief to the Supreme Court
Should it be a federal hacking crime to disobey your workplace computer use policy, or a website's terms of service? A broad interpretation of the CFAA would have far-reaching legal implications for beneficial security research and even ordinary internet behavior.
2 min
Metasploit
Metasploit Wrap-Up: 7/10/20
Intensity not on the Fujita scale
SOC folks may have been feeling increased pressure as word spread of CVE-2020-5902 being exploited in the wild. Vulnerabilities in networking equipment always pose a unique set of constraints for IT operations when it comes to mitigations and patches given their role in connecting users to servers, services or applications. Yet from an attacker’s perspective this vulnerabili
4 min
InsightConnect
How InsightConnect’s Vulnerability Remediation Toolkit Connects Teams and Speeds Up Workflows
In this blog, we cover how to connect teams and speed up workflows with InsightConnect's Vulnerability Remediation Toolkit.
3 min
InsightCloudSec
The Net Effect: Why Cloud IAM Is So Difficult
Managing identity and access management (IAM) in the cloud is a complex problem—far more complex than it is in traditional, on-premises IT environments guarded by an explicit firewall.
3 min
Security Strategy
Small Business in a Big World (Wide Web): What You Should Know to Stay Secure
In this blog, we share a number of tips to help small businesses decrease the chance of becoming a victim of a cyber-attack.
3 min
InsightIDR
What You Need to Know About Cloud SIEM Deployment and Configuration
In a fast-paced environment, companies need security solutions that boost visibility and empower IT professionals to act confidently and decisively.
3 min
Application Security
Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
In recent years, web applications have become the biggest target for attacks, as they’re the easiest way for hackers to gain access to valuable information.
3 min
SIEM
Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management
Rapid7 is excited to announce that we have been recognized as a Gartner Peer Insights Customers’ Choice for Security Information Event Management (SIEM).
3 min
Vulnerability Management
12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) laid out the 12 most exploited vulnerabilities since 2016.
2 min
Metasploit
Metasploit Wrap-Up: 7/3/20
Shifting (NET)GEARs
Community contributor rdomanski added a module for Netgear R6700v3 routers that allows unauthenticated attackers on the same network to reset the password for the admin user back to the factory default of password. Attackers can then manually change the admin user's password and log into it after enabling telnet via the exploit/linux/telnet/netgear_telnetenable module, which will gran
1 min
InsightAppSec
InsightAppSec Release Roundup: What’s New and Updated
In this blog, we recap the latest and greatest ways to work smarter and more efficiently in InsightAppSec, so you can get some much-deserved time back.
3 min
InsightVM
How to Use Custom Policy Builder to Customize Password Policies in InsightVM
In this post, we are going to focus on commonly used customizations for password policies by our customers.