Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Tod Beardsley  

Director of Research at Rapid7, contributing author of several Rapid7 research papers, CVE Board member, and Metasploit collaborator. https://keybase.io/todb

AUTHOR STATS:

262

Metasploit Development Diaries: Q2 2019

Hey folks, it's towards the end of the second quarter, which means it's high time for another Metasploit Dev Diary! If you already know what this series is about, feel free to just click on over here and read away. If you need more convincing,…

Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)

Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.…

Time and Relative Dimension in Space: GPS Week Number Rollover

This week, we're expecting some minor internet traffic turbulence around April 6 and April 7 of 2019, since that's when the next "GPS Week Number Rollover" will happen.…

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…

The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018

It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.…

Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500

Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…

Feel Like Family Tech Support? Tips for Securing Your Loved Ones This Holiday Season

In this post, we offer some specific advice on how you can make some headway on battening down the cyber-hatches of your loved ones’ home networks.…

Lessons Learned Firsthand: Securing Corporate Voicemail PINs

On Thursday afternoon, Nov. 15, 2018, Rapid7 learned of a potential security issue with our corporate voicemail system, reported by security researcher Kristian Hermansen.…

National Cybersecurity Awareness Month: Tips for Improving Your Personal Pa55w0rd! Management

It's National Cybersecurity Awareness Month, which means it's a great time to chat about why you should consider a password manager to stay secure.…

Under the Hoodie 2018: Lessons from a Season of Penetration Testing

Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.…

2018 National Exposure Index Research Report: Internet Security Posture by Country

Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI), a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’…

CVE 100K: A Big, Round Number

There have been 100,000 CVEs published. That's a big, round number.…

Actually, Grindr is Fine: FUD and Security Reporting

On Wednesday, March 28, NBC reported Grindr security flaws expose users' location data, a story which ticks a couple hot-button topics for security professionals and security reporters alike. It’s centered around the salacious topic of online dating in the LGBT community, and hits a…