Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

boB Rudis  

Bob Rudis has over 20 years of experience defending companies using data and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure.

AUTHOR STATS:

50

The Nightmare After Christmas

With all the incidents that occurred in 2018, you may feel a bit like a CISO Scrooge. Here's how you can prepare for next year (in poem form!)…

Charting the Forthcoming PHPocalypse in 2019

This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.…

How Your Organization Can Respond After News of a Major Security Breach

When data breaches occur, there are proactive actions organizations can take to double-check their current-state security posture, practices, and protocols.…

How Retailers Can Protect Against Magecart This Black Friday and Holiday Season

Online credit card-skimming malware Magecart is now a looming threat to nearly every retailer this Black Friday and throughout the rest of the holiday season (and beyond).…

VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices

(Many thanks to Rebekah Brown & Derek Abdine for their contributions to the post.) How does VPNFilter work? Over the past few weeks, Cisco’s Talos group has published some significant new research on a new malware family called VPNFilter. VPNFilter targets and compromises networking…

No More Tears? WannaCry, One Year Later

WannaCry, one year later, and what happened to the SMB target environment.…

CVE 100K: By The Numbers

There have been 100,000 CVEs published. Here are some stats on the program so far.…

Drupalgeddon Vulnerability: What is it? Are You Impacted?

First up: many thanks to Brent Cook, William Vu and Matt Hand for their massive assistance in both the Rapid7 research into “Drupalgeddon” and their contributions to this post. Background on the Drupalgeddon vulnerability The Drupalgeddon 2 vulnerability announcement came out in late March (2018-03-28…

Cisco Smart Install (SMI) Remote Code Execution: What You Need To Know

What’s Up? Researchers from Embedi discovered (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication. Cisco Smart Install (SMI) is a “plug-and-play” configuration and image-management…

Cavete Symantec Testimonium Exspirare Martiis (Beware the Symantec Certificates Expiring in March)

This is a follow-up post to our December 2017 gift certificate piece discussing the 2018 schedule for distrust of Symantec certificates by Chrome and Firefox browsers. The Ides of March have come and gone and (as promised) we decided to see whether sites have heeded…

An Impressively Unprecedented Drop in Open memcached Services

(Many thanks to Jon Hart and Tom Sellers for their research and content for this blog post.) We started performing weekly monitoring of open/amplification-vulnerable memcached servers after the recent memcrashed amplification distributed denial-of-service (DDoS) attack and today we have some truly awesome news to…

The Flip Side of memcrashed

Rapid7 Labs keeps a keen eye on research and findings from other savvy security and technology organizations and noticed Cloudflare’s report on new distributed denial of service (DDoS) amplification attacks using memcached. If you haven’t read Cloudflare’s (excellent) analysis yet, the TLDR…

UK NCSC's "Active Cyber Defence" Brings New Hope To Our Combined Fight Against Cybercrime

This week the UK National Cyber Security Centre (NCSC) released their first report on the year one results of their "Active Cyber Defence" (ACD) initiative. And, they're amazing. The ACD program came out of an 2016 effort to re-think, re-imagine and re-tool cybersecurity…

Forget The Presents: HaXmas Is All About The [Gift] Certificates

2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure…

INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know

INTEL-SA-00086 vulnerabilities? What’s Up? (Full update log at the end of the post as we make changes.) Intel decided to talk turkey this week about a cornucopia of vulnerabilities that external (i.e. non-Intel) researchers — Mark Ermolov and Maxim Goryachy from Positive Technologies Research…