Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

boB Rudis  

Bob Rudis has over 20 years of experience defending companies using data and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure.

AUTHOR STATS:

48

WannaCry, Two Years On: Current Threat Landscape, Forgotten Lessons, and Hope for the Future

In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.…

Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report

Our Rapid7 Labs research team has pored over Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.…

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.…

4 Key Lessons from the Citycomp Data Breach

On April 30, 2019 Motherboard reported on a combined data breach and extortion attempt against Citycomp, a network and internet infrastructure firm based in Germany.…

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…

Apache HTTP Server Privilege Escalation (CVE-2019-0211): What You Need to Know

The joke was on roughly 2 million servers on Monday (April 1!), as the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.…

Rapid7 Introduces Industry Cyber-Exposure Report: ASX 200

Today, Rapid7 released our second Industry Cyber-Exposure Report, examining the overall exposure of the ASX 200 family of companies.…

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.…

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.…

Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R

Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.…

Secure That Query! Researching the Landscape of DNS over Transport Layer Security (TLS)

In this blog, we highlight research conducted about the landscape of DNS over Transport Layer Security (TLS).…

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.…

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know

According to the PHP Extension and Application Repository (PEAR), a security breach had been found on the `pear.php.net` web server.…

The Nightmare After Christmas

With all the incidents that occurred in 2018, you may feel a bit like a CISO Scrooge. Here's how you can prepare for next year (in poem form!)…

Charting the Forthcoming PHPocalypse in 2019

This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.…