Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.

View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help
2 min read

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

 Read More
2 min read

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

 Read More
4 min read

Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations

 Read More
View All Tags

Popular Tags:
2 min read

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.…

boB Rudis
boB Rudis Feb 24, 2021 News
4 min read

Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7

Read on to learn more about our North America VRM Software Engineering team, why they chose to bring their talents to Rapid7, and why you should, too!…

Rapid7
Rapid7 Feb 24, 2021 Career Development
2 min read

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.…

Margaret Zonay
Margaret Zonay Feb 22, 2021 InsightIDR
4 min read

Metasploit Wrap-Up

GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code (GSoC) participants has authored a PR containing both enhancements & a new module! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified…

Adam Galway
Adam Galway Feb 19, 2021 Metasploit Weekly Wrapup
4 min read

Take the Full-Stack Approach to Securing Your Modern Attack Surface

Let’s take a more in-depth look at modern vulnerability risk management (VRM) and what to look for in a holistic solution.…

Aaron Wells
Aaron Wells Feb 19, 2021 Vulnerability Management
3 min read

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack.…

Mark Hamill
Mark Hamill Feb 18, 2021 Application Security
2 min read

Why More Teams are Shifting Security Analytics to the Cloud This Year

As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving organizations both understaffed and overwhelmed.…

Margaret Zonay
Margaret Zonay Feb 17, 2021 Cloud Infrastructure
2 min read

Monitor Google Cloud Platform (GCP) Data With InsightIDR

Today, more and more organizations are adopting multi-cloud or hybrid environments, creating increasingly more dispersed security environments…

Margaret Zonay
Margaret Zonay Feb 16, 2021 InsightIDR
3 min read

Metasploit Wrap-Up

This installment includes a new MicroFocus RCE module, an updated Microsoft Exchange patch bypass, and items without 'Micro' in the title, too!…

Adam Galway
Adam Galway Feb 12, 2021 Metasploit Weekly Wrapup
11 min read

Talkin’ SMAC: Alert Labeling and Why It Matters

This blog post will demonstrate some common pitfalls of alert labeling, and offers a new framework for SOCs to use.…

matthew berninger
matthew berninger Feb 12, 2021 Security Operations Center (SOC)
4 min read

New InsightVM Dashboard Helps You Discover Significant Changes in Your Environment from the Past 30 Days

Organizations are in a constant struggle to identify and reduce risks in their constantly changing environments…

Dane Grace
Dane Grace Feb 12, 2021 InsightVM
4 min read

CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)

Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function."…

Tod Beardsley
Tod Beardsley Feb 11, 2021 Vulnerability Disclosure
3 min read

SOAR Tools: What to Look for When Investing in Security Automation Tech

In this blog, we break down what you should look for when investing in security automation tech.…

Aaron Wells
Aaron Wells Feb 10, 2021 SOAR
7 min read

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family Family Vulnerability Count Windows…

Greg Wiseman
Greg Wiseman Feb 09, 2021 Vulnerability Management
2 min read

Metasploit Wrap-Up

This week's edition: Baron Samedit 'sudo' exploit module, OneDrive sync enumeration, and WP credential gathering via Abandoned Cart plugin.…

Christophe De La Fuente
Christophe De La Fuente Feb 05, 2021 Metasploit

Never miss a blog

Get the latest stories, expertise, and news about security today.

BACK TO TOP