Once upon a time (a few years ago) vulnerability management programs focused solely on endpoints, running quarterly scans that targeted only critical systems. But that was then, and you can no longer afford such a limited view in the now. To illustrate these changes in…
The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer…
This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information…
You may have noticed that our weekly wrapups tend to be very light-hearted. A few might say our blog is humourous. Some might even argue that they incorporate low-brow internet jokes and an excessive quantity of memes. Well, I'm here to say we've turned over…
Your vulnerability scanner embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and…
The opening day of RSA offered up copious nods to the need for security to be an integral, integrated part of innovation. RSA President Rohit Ghai talked about moving security upstream in the SDLC, Microsoft’s Brad Smith called for new ways to innovate that…
The Georgia state legislature recently passed a bill - SB 315 - to create a new crime of accessing a computer without authorization. This will become law unless Governor Nathan Deal vetoes the bill by May 8th. Prior to SB 315, Georgia did not have…
What's Your Favorite Security Site? When you are browsing sites on the Internet, you may notice some sites will include your public IP address on their pages. But what if you came across a site that also showed your IP address from your private network…
Last week, Rebekah Brown and I wrapped up The Cuckoo’s Egg with book club readers around the world. Dig through some blog archives to get a sense of how this book club got started and what we’ve discussed so far. Below is a…
Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security…
The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking…
Over 70 vulnerabilities have been fixed this month, including 6 in Adobe Flash (APSB18-08). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once again of the worst variety: Remote Code Execution (RCE)…
Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed in Rapid7 products and supporting services. You won’t need to take any actions: all of the issues have been addressed. We are disclosing these vulnerabilities in order to be transparent, to…
