Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Justin Pagano  

AUTHOR STATS:

4

The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained

TL;DR This week a vulnerability was disclosed, which could result in sensitive data being leaked from websites using Cloudflare's proxy services. The vulnerability - referred to as "Cloudbleed" - does not affect Rapid7's solutions/services. This is a serious security issue, but…

Optimizing Adaptive Security: New and Known Assets

Since I started working on Rapid7's Information Security team, I've had firsthand experience with what is arguably the hardest part of vulnerability management: Creating and updating a complete inventory of your assets and their vulnerabilities. While you'll never be able to achieve perfection in this…

March 2015 OpenSSL Security Advisory

Today OpenSSL released a security advisory listing 14 vulnerabilities affecting various versions of OpenSSL. There are 2 High, 9 Moderate, and 3 Low severity vulnerabilities in the mix.The security community was anxious that there could be another Heartbleed (or worse) in this list. Thankfully,…

A Closer Look at February 2015's Patch Tuesday

This month's Patch Tuesday covers nine security bulletins from Microsoft, including what seems like a not-very-unusual mix of remote code execution (RCE) vulnerabilities and security feature bypasses. However, two of these bulletins – MS15-011 and MS15-014 – require a closer look, both because of the…