Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

lasherdotan  

AUTHOR STATS:

12

Gartner calls for rebalancing security budgets: invest more in detection vs. prevention

In his talk last week at the 2014 Gartner Security and Risk Management Summit, Gartner Analyst Neil McDonald said that when targeted attacks are considered, traditional technologies like firewalls, intrusion detection and prevention systems (IDS/IPS) and anti-malware tools fail in detection. That is because…

The Verizon Data Breach Report - 9 Key Takeaways

Last week I hosted a webinar with Nicholas J. Percoco, VP of Strategic Services at Rapid7, where we discussed the latest Verizon DBIR. This year's report, as always, is recommended reading for any security professional as it's probably the most comprehensive piece of research, covering…

New UserInsight Features: Insight into endpoints, User impersonation and Attackers covering their tracks

As user-based attacks become the most common attack vector, the need to identify abnormal user behavior as an indication of an attack is growing. We'd like to share with you some new features that we're releasing in the upcoming weeks which enhance UserInsight's capability to…

Pay attention to how people use systems: UserInsight in the news at CSO Online

We're excited to be included in Michael Santarcangelo's piece at CSO Online,where he explains the importance of gathering good behavioral analytics to detect what's the latest Verizon DBIR claimed to be no. 1 threat vector: compromised credentials. Michael discusses what's new in the field…

Stolen passwords - the no. 1 attack vector

The latest Verizon DBIR 2014 report published last week is clearly showing that the use of stolen credentials became the most common attack vector in 2013. In our upcoming webcast, Matt Hathaway and I will discuss how user-based attacks are becoming the no. 1 "threat…

Are your users exposed to IE 0-Day? Find out who is still using IE in your organization

As many security professionals, you probably sent an email to your users in the last couple of days asking them NOT to use Internet Explorer as their browser in light of the latest IE Zero Day vulnerability. However, you may be lacking visibility to user…

Are Your Users Heartbleeding?

As we figure out the implications of the OpenSSL Heartbleed Vulnerability (CVE-2014-0160), we are beginning to realize that due to the vast reach of the vulnerability, one of the largest impacts will be on your networked users.  We suggest you read about ways to…

Can 800,000 individuals compromised at the French Orange breach put you at risk?

We just read about an attack on Orange France, where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs.This could potentially trigger a domino effect of other…

New findings on Target breach - could monitoring privileges help?

The majority of today's breaches involve lost or stolen credentials, and this week Target confirmed that this was also the case in their breach, discovered in December.  It seems stolen credentials associated with a third party vendor were used to enter the corporate network,…

Could a Frappuccino make you vulnerable?

 It was recently published that Starbucks' app, a very popular mobile application for payment at Starbucks coffee shops saved customers' usernames, passwords and other personal information in plain text.That means that a hacker could have picked up a left-behind phone, plugged it into…

Target breach could now compromise your users

We have learnt yesterday about a new phishing campaign where fake Target breach notifications were sent by cybercriminals to a growing amount of people. The email tries to get the victims' attention with the title "Alert to Target Shoppers - your identity is at risk"…

Did Cloud kill your SIEM?

Like many organizations, you have a BYOD program. Like many organizations, your employees are switching to cloud services to gain better productivity and save on cost. Some of them don't even involve the IT department or even purchasing - they may subscribe to a 30…