Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
3 min read

Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225

 Read More
4 min read

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

 Read More
2 min read

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

 Read More
View All Tags

Popular Tags:
2 min read

This One Time on a Pen Test: What’s in the Box?

Here is the story of how one of our penetration testers exploited ExternalBlue on a rogue access point.…

Ted Raffle
Ted Raffle Sep 19, 2019 Penetration Testing
5 min read

Cloud Security Fundamentals: Strategies to Secure Cloud Environments

In a recent webcast, we discussed cloud security best practices, how to avoid common pitfalls, and how to work with DevOps to get the most out of your organization’s cloud investment.…

Aaron Sawitsky
Aaron Sawitsky Sep 18, 2019 Cloud Infrastructure
5 min read

The Fundamentals of Building a Threat Detection and Response Program

In this post, we’ll summarize some of the key takeaways for businesses looking to further their threat detection and response programs, as well as provide helpful resources that will help you along the way.…

Meaghan Donlon
Meaghan Donlon Sep 17, 2019 Incident Detection
4 min read

[Podcast] Digitizing Cybersecurity in Healthcare with Richard Kaufmann

On this week's episode of Security Nation, we spoke with Richard Kaufmann, the information security officer at Amedisys.…

Bri Hand
Bri Hand Sep 16, 2019 Podcast
3 min read

Metasploit Wrap-Up

Fall is in the air, October is on the way, and it is Friday the 13th. We have a lot of updates and features that landed this week, though none are particularly spooky, and unfortunately, none are json-related…1 We recently updated our digital signing…

Brendan Watters
Brendan Watters Sep 13, 2019 Metasploit Weekly Wrapup
2 min read

This One Time on a Pen Test: The Pizza of Doom

Here is the story of how I bypassed physical security controls by posing as a pizza delivery guy and showing up to my client site with a pizza pie.…

Jonathan Stines
Jonathan Stines Sep 12, 2019 Penetration Testing
2 min read

Automating User Provisioning and Deprovisioning with Security Orchestration, Automation, and Response (SOAR)

Here are three ways [security orchestration and automation tools can streamline the user provisioning and deprovisioning process.…

Christie Ott
Christie Ott Sep 11, 2019 Automation and Orchestration
1 min read

Patch Tuesday - September 2019

Today Microsoft released fixes for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 and CVE-2019-1215 are both privilege elevation vulnerabilities affecting all supported versions of Windows, one in the log file…

Greg Wiseman
Greg Wiseman Sep 10, 2019 Patch Tuesday
3 min read

CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.…

boB Rudis
boB Rudis Sep 10, 2019 Vulnerability Management
9 min read

R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)

This disclosure describes R7-2019-09, composed of three vulnerabilities in the Basic Laboratory Information System (BLIS). Due to flawed authentication and authorization verification, versions of BLIS < 3.5 are vulnerable to unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are vulnerable…

Sam Huckins
Sam Huckins Sep 10, 2019 Vulnerability Disclosure
4 min read

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.…

Vivian Ma
Vivian Ma Sep 09, 2019 InsightVM
3 min read

Metasploit Wrap-Up

At our (final!) DerbyCon Town Hall today, the Metasploit team announced the release of an initial exploit module PR for CVE-2019-0708, aka BlueKeep.…

Sonny Gonzalez
Sonny Gonzalez Sep 06, 2019 Metasploit
2 min read

This One Time on a Pen Test: Your Mouse Is My Keyboard

In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials. Here's what happened.…

Rapid7
Rapid7 Sep 05, 2019 Penetration Testing
3 min read

RASP 101: What Is Runtime Application Self-Protection?

If your organization isn't using a runtime application self-protection (RASP) tool to protect your applications, here's what you need to know.…

Bria Grangard
Bria Grangard Sep 04, 2019 Application Security

Blog Feed