
Metasploit Wrap-Up

SharePoint DataSet/DataTable deserialization

First up we have an exploit from Spencer McIntyre (@zeroSteiner) for CVE-2020-1147, a deserialization vulnerability in SharePoint instances that was patched by Microsoft on July 14th 2020 and which has been getting quite a bit of attention in the news lately.…

Open Source Security Meetup (OSSM): Virtual Edition

The Rapid7 Metasploit team will be hosting our annual Open Source Security Meetup (OSSM) as a virtual event Thursday, August 6th!…

Cloud Best Practices Every Security Professional Should Know

In part one of this series on the cloud and cloud security for security professionals, we dove into everything you’ve ever wanted to know about the cloud.…

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.…

Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Here is our response.…

Joe FitzPatrick on the Future of Hardware Security Training Sessions

On this Security Nation episode, Joe FitzPatrick, a lead researcher at securinghardware.com, discusses what it takes to run a successful hardware training session.…

Plugin Development Made Easy With Rapid7

The Rapid7 Integrations Team is focused on making plugin development an easy process for all security practitioners, not just those with a programming background.…

Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution

In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.…

Metasploit Wrap-Up

Yes, it’s a huge enterprise vulnerability week (again)

For our 100th release since the release of 5.0 18 months ago, our own zeroSteiner got us a nifty module for the SAP "RECON" vulnerability affecting NetWeaver version 7.30 to 7.50.…

#Rapid7Life in a Remote World: Building the Bridge While We Cross

Upon news of our temporarily closed global office spaces to ensure employee health and safety, we made the quantum leap to a remote world and workplace.…

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only path traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.…

What’s New in InsightIDR: H1 2020 in Review

This post offers a closer look at select highlights of what’s new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020.…

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.…

Defense in Depth Using Deception Technology in InsightIDR

Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.…

Rapid7 Releases 2020 NICER Report

Rapid7 has just released the 2020 National / Internet / Cloud Exposure Report, affectionately called the NICER report.…
