2 min
InsightVM
Nmap Service Detection for Nexpose and InsightVM Scan Engines
As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to existing detection methods to improve the discovery of previously unsupported protocols and services.
6 min
Preparing for the Cybersecurity Maturity Model Certification (CMMC) Part 1: Practice and Process
Learn how to better understand the terms and structure of the Cybersecurity Maturity Model Certification (CMMC).
3 min
Risk Management
Meet AttackerKB
Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
2 min
Vulnerability Management
Patch Tuesday - April 2020
Global working-from-home routines haven't slowed down Microsoft and its ability
to help close up vulnerabilities in their products. This April Patch Tuesday
(WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's
not the highest we've seen, but it is still an impressive spread of fixes coming
in this month with a fair number resolving SharePoint and Office vulnerabilities
along with the
3 min
Remote Working
Remote Work Readiness: How to Keep a Security Mindset
Here are some of the best practices to help your company’s staff work from home with minimal risk.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 4/10/20
Meterpreter bug fixes and five new modules, including an LPE exploit for SMBghost (CVE-2020-0796) and a BloodHound post module that gathers information (sessions, local admin, domain trusts, etc.) and stores it as a BloodHound-consumable ZIP file in Framework loot.
2 min
COVID-19
Self-Isolation, Home Networking, and Open Source: Recog and Rumble
In this blog, we discuss an open source project we run here at Rapid7: Recog and its free network fingerprinting database.
7 min
CIS Controls
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization
Eight practical steps to help you implement key controls into your organization. Get started now!
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
6 min
Vulnerability Management
4 Common Goals For Vulnerability Risk Management Programs
This post will give you a glimpse into the research to pinpoint under-served and unmet customer needs in the vulnerability risk management space.
3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 4/3/2020
This week's release includes a local privilege escalation exploit for VMware Fusion through 11.5.3 on OS X, as well as RCE on Apache Solr and DNN cookie deserialization.
3 min
SIEM
Analyze Security Data Faster with Visual Search in InsightIDR
Learn how InsightIDR, Rapid7’s SIEM tool, uses visualization to provide powerful security data analysis.
17 min
Vulnerability Disclosure
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.
3 min
SIEM
SOC Automation: Threat Detection and Response with SIEM and SOAR
We believe that the best solution to industry-wide struggles with threat detection and response is to increase efficiency using SIEM and SOAR together.
5 min
Vulnerability Management
Reduce False Positive Vulnerabilities by Up To 22%
Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.