3 min
Public Policy
Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Here is our response.
3 min
InsightConnect
Plugin Development Made Easy With Rapid7
The Rapid7 Integrations Team is focused on making plugin development an easy process for all security practitioners, not just those with a programming background.
4 min
Vulnerability Management
Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution
In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 7/24/20
Yes, it’s a huge enterprise vulnerability week (again)
For our 100th release since the release of 5.0 18 months ago, our own zeroSteiner got us a nifty module for the SAP "RECON" vulnerability affecting NetWeaver version 7.30 to 7.50. It turns out those versions will allow anyone to create a
3 min
Rapid7 Culture
#Rapid7Life in a Remote World: Building the Bridge While We Cross
Upon news of our temporarily closed global office spaces to ensure employee health and safety, we made the quantum leap to a remote world and workplace.
3 min
Vulnerability Management
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know
On July 22, Cisco released a patch for a high-severity read-only path traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.
4 min
InsightIDR
What’s New in InsightIDR: H1 2020 in Review
This post offers a closer look at select highlights of what’s new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020.
5 min
InsightVM
Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder
During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.
6 min
InsightIDR
Defense in Depth Using Deception Technology in InsightIDR
Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.
2 min
Metasploit
Metasploit Wrap-Up: 7/17/20
Plex unpickling
The exploit/windows/http/plex_unpickle_dict_rce module by h00die exploits an authenticated Python deserialization vulnerability in Plex Media Server. The module exploits the vulnerability by creating a photo library and uploading a Dict file containing a Python payload to the library’s path. Code execution is then achieved by triggering the plugin loading functionality, which unpickles the Dic
4 min
InsightConnect
How to Operationalize Threat Response from Chat Using InsightConnect
With InsightConnect, Rapid7’s SOAR tool, you can take action against alerts, threats, and vulnerable hosts directly from your existing communication tools.
3 min
Penetration Testing
The Importance of Pen Testing for Startups
Recently, we sat down with Intenseye's Sercan Esen and Serhat Cillidag to discuss developing robust security programs for startup environments.
5 min
Network Traffic Analysis
Top 5 Ways to Get a Network Traffic Source on Your Network
In this blog, we take a look at the top five ways to get a network traffic source on your network.
4 min
Vulnerability Management
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.
4 min
Vulnerability Management
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.