Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
13 min read

Don’t Put It on the Internet: Tesla Backup Gateway Edition

 Read More
4 min read

National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online

 Read More
2 min read

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

 Read More
View All Tags

Popular Tags:
3 min read

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620.…

Tod Beardsley
Tod Beardsley Nov 24, 2020 Vulnerability Disclosure
3 min read

Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making

Use these insights to help make the right decisions on cloud adoption for your organization.…

Rapid7
Rapid7 Nov 23, 2020 Cloud Security
5 min read

NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)

In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of the Microsoft SQL Server.…

Tod Beardsley
Tod Beardsley Nov 23, 2020 National / Industry / Cloud Exposure Report (NICER)
3 min read

Metasploit Wrap-Up

Two new RCE-capable modules and some good fixes and enhancements!…

Adam Cammack
Adam Cammack Nov 20, 2020 Metasploit
7 min read

Announcing the 2020 December Metasploit community CTF

It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.…

Alan David Foster
Alan David Foster Nov 19, 2020 Metasploit
2 min read

This One Time on a Pen Test: CSRF to Password Reset Phishing

In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.…

Ted Raffle
Ted Raffle Nov 19, 2020 This One Time on a Pen Test
2 min read

Congress unanimously passes federal IoT security law

Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.…

Harley Geiger
Harley Geiger Nov 18, 2020 Public Policy
1 min read

Behind the Scenes: Under the Hoodie 2020 Video Series

In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.…

Bri Hand
Bri Hand Nov 18, 2020 Under the Hoodie
13 min read

Don’t Put It on the Internet: Tesla Backup Gateway Edition

In this blog, we address Tesla Backup Gateways and identify key areas where Tesla could improve security and privacy to help customers protect themselves.…

Derek Abdine
Derek Abdine Nov 17, 2020 Research
3 min read

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation…

Vivian Ma
Vivian Ma Nov 16, 2020 Vulnerability Management
2 min read

Metasploit Wrap-Up

Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.…

Shelby Pace
Shelby Pace Nov 13, 2020 Metasploit Weekly Wrapup
5 min read

NICER Protocol Deep Dive: Internet Exposure of MySQL

In the latest edition of our "NICER Protocol Deep Dive blog series, we take a more detailed look at the internet exposure of MySQL.…

Tod Beardsley
Tod Beardsley Nov 13, 2020 National / Industry / Cloud Exposure Report (NICER)
3 min read

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space.…

Rapid7
Rapid7 Nov 13, 2020 InsightVM
4 min read

2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM

In this post, we’ll explore how a cloud SIEM, like Rapid7 InsightIDR, may be more relevant and impactful than ever before.…

Meaghan Donlon
Meaghan Donlon Nov 11, 2020 Detection and Response
3 min read

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel Local Elevation of…

Richard Tsang
Richard Tsang Nov 10, 2020 Vulnerability Management

Never miss a blog

Get the latest stories, expertise, and news about security today.

BACK TO TOP