Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Here's what you need to know about the recent Zoom vulnerability disclosure.…
Metasploit Development Diaries: Q2 2019
Hey folks, it's towards the end of the second quarter, which means it's high time for another Metasploit Dev Diary! If you already know what this series is about, feel free to just click on over here and read away. If you need more convincing,…
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.…
Time and Relative Dimension in Space: GPS Week Number Rollover
This week, we're expecting some minor internet traffic turbulence around April 6 and April 7 of 2019, since that's when the next "GPS Week Number Rollover" will happen.…
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.…
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…
The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018
It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.…
Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500
Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…
Feel Like Family Tech Support? Tips for Securing Your Loved Ones This Holiday Season
In this post, we offer some specific advice on how you can make some headway on battening down the cyber-hatches of your loved ones’ home networks.…
Lessons Learned Firsthand: Securing Corporate Voicemail PINs
On Thursday afternoon, Nov. 15, 2018, Rapid7 learned of a potential security issue with our corporate voicemail system, reported by security researcher Kristian Hermansen.…
National Cybersecurity Awareness Month: Tips for Improving Your Personal Pa55w0rd! Management
It's National Cybersecurity Awareness Month, which means it's a great time to chat about why you should consider a password manager to stay secure.…
Under the Hoodie 2018: Lessons from a Season of Penetration Testing
Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.…
2018 National Exposure Index Research Report: Internet Security Posture by Country
Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI), a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’…
CVE 100K: A Big, Round Number
There have been 100,000 CVEs published. That's a big, round number.…
