Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Tod Beardsley  

Director of Research at Rapid7, contributing author of several Rapid7 research papers, CVE Board member, and Metasploit collaborator. https://keybase.io/todb

AUTHOR STATS:

269

Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.…

R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment

Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.…

Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225

Today, Rapid7 released our fourth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Nikkei 225 index.…

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides .…

R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities

The Hickory Smart BlueTooth Enabled Deadbolt IoT ecosystem (which includes mobile applications as well as a cloud-hosted web and MQTT infrastructure) has several vulnerabilities.…

[Research] Under the Hoodie, 2019 Edition: Lessons Learned from 180 Penetration Tests

Our 2019 Under the Hoodie report covers the measurable results of about 180 penetration tests conducted by Rapid7. Find out what we learned.…

Metasploit Development Diaries: Q2 2019

Hey folks, it's towards the end of the second quarter, which means it's high time for another Metasploit Dev Diary! If you already know what this series is about, feel free to just click on over here and read away. If you need more convincing,…

Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)

Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.…

Time and Relative Dimension in Space: GPS Week Number Rollover

This week, we're expecting some minor internet traffic turbulence around April 6 and April 7 of 2019, since that's when the next "GPS Week Number Rollover" will happen.…

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…

The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018

It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.…

Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500

Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…