Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Tod Beardsley  

AUTHOR STATS:

257

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…

The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018

It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.…

Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500

Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…

Feel Like Family Tech Support? Tips for Securing Your Loved Ones This Holiday Season

In this post, we offer some specific advice on how you can make some headway on battening down the cyber-hatches of your loved ones’ home networks.…

Lessons Learned Firsthand: Securing Corporate Voicemail PINs

On Thursday afternoon, Nov. 15, 2018, Rapid7 learned of a potential security issue with our corporate voicemail system, reported by security researcher Kristian Hermansen.…

National Cybersecurity Awareness Month: Tips for Improving Your Personal Pa55w0rd! Management

It's National Cybersecurity Awareness Month, which means it's a great time to chat about why you should consider a password manager to stay secure.…

Under the Hoodie 2018: Lessons from a Season of Penetration Testing

Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.…

2018 National Exposure Index Research Report: Internet Security Posture by Country

Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI), a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’…

CVE 100K: A Big, Round Number

There have been 100,000 CVEs published. That's a big, round number.…

Actually, Grindr is Fine: FUD and Security Reporting

On Wednesday, March 28, NBC reported Grindr security flaws expose users' location data, a story which ticks a couple hot-button topics for security professionals and security reporters alike. It’s centered around the salacious topic of online dating in the LGBT community, and hits a…

R7-2017-28: Epson AirPrint XSS (CVE-2018-5550)

The Epson AirPrint web configuration page is vulnerable to a reflected cross-site scripting (XSS) issue in the INPUTT_GEOLOCATION parameter in the web administration console. This issue could be leveraged by an attacker with network access to the web UI to the printer to trick…

On Random Shell Generators

A couple days ago, AutoSploit.py was released by a person named Real__Vector. It’s safe to say that it’s made some waves in the security Twitterverse, and a few people have asked us here at Rapid7 what we think about it given…

Meltdown and Spectre: What you need to know (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

After waking up from a long winter’s nap, you may have heard the lamentations about the “Intel Kernel Leak” vulnerability, or the “Kernel Speculative Execution” vulnerability, or, now, the “Meltdown and Spectre” vulnerabilities. This is a quick post to let you know just how…

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…