Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620.…

Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making

Use these insights to help make the right decisions on cloud adoption for your organization.…

NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)

In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of the Microsoft SQL Server.…

Metasploit Wrap-Up

Two new RCE-capable modules and some good fixes and enhancements!…

Announcing the 2020 December Metasploit community CTF

It’s time for another Metasploit community CTF! This time around we’re doing a few things differently. Read on for details.…

This One Time on a Pen Test: CSRF to Password Reset Phishing

In the latest edition of our "This One Time On a Pen Test" series, we take a look at an engagement featuring Cross-site request forgery attacks.…

Congress unanimously passes federal IoT security law

Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.…

Behind the Scenes: Under the Hoodie 2020 Video Series

In this blog, we take you on a behind-the-scenes look at the making of our 2020 Under the Hoodie video series.…

Don’t Put It on the Internet: Tesla Backup Gateway Edition

In this blog, we address Tesla Backup Gateways and identify key areas where Tesla could improve security and privacy to help customers protect themselves.…

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation…

Metasploit Wrap-Up

Four new modules, including an exploit for SaltStack Salt and an exploit for a now-patched vuln in Metasploit, plus new enhancements and fixes.…

NICER Protocol Deep Dive: Internet Exposure of MySQL

In the latest edition of our "NICER Protocol Deep Dive blog series, we take a more detailed look at the internet exposure of MySQL.…

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space.…

2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM

In this post, we’ll explore how a cloud SIEM, like Rapid7 InsightIDR, may be more relevant and impactful than ever before.…

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel Local Elevation of…

Never miss a blog

Get the latest stories, expertise, and news about security today.