Recent Posts

Plugin Development Made Easy With Rapid7

The Rapid7 Integrations Team is focused on making plugin development an easy process for all security practitioners, not just those with a programming background.…

Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution

In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.…

Metasploit Wrap-Up

Yes, it’s a huge enterprise vulnerability week (again). For our 100th release since the release of 5.0 18 months ago, our own zeroSteiner got us a nifty module for the SAP "RECON" vulnerability affecting NetWeaver version 7.30 to 7.50.…

#Rapid7Life in a Remote World: Building the Bridge While We Cross

Upon news of our temporarily closed global office spaces to ensure employee health and safety, we made the quantum leap to a remote world and workplace.…

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only path traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.…

What’s New in InsightIDR: H1 2020 in Review

This post offers a closer look at select highlights of what’s new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020.…

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.…

Defense in Depth Using Deception Technology in InsightIDR

Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR.…

Rapid7 Releases 2020 National / Industry / Cloud Exposure Report (NICER)

Rapid7 has just released the 2020 National / Internet / Cloud Exposure Report, affectionately called the NICER report.…

Metasploit Wrap-Up

Plex unpickling: The exploit/windows/http/plex_unpickle_dict_rce module by h00die exploits an authenticated Python deserialization vulnerability in Plex Media Server. The module exploits the vulnerability by creating a photo library and uploading a Dict file containing a Python payload to the library’…

How to Operationalize Threat Response from Chat Using InsightConnect

With InsightConnect, Rapid7’s SOAR tool, you can take action against alerts, threats, and vulnerable hosts directly from your existing communication tools.…

Understanding Security as an Investment: The Importance of Pen Testing for Startups

Recently, we sat down with Intenseye's Sercan Esen and Serhat Cillidag to discuss developing robust security programs for startup environments.…

Top 5 Ways to Get a Network Traffic Source on Your Network

In this blog, we take a look at the top five ways to get a network traffic source on your network.…

Patch Tuesday - July 2020

100+ vulnerabilities patched during Patch Tuesdays the new norm. Another 123 CVEs are covered this month from Microsoft for the 2020-Jul Patch Tuesday. In addition to our usual suspects like Windows, Internet Explorer/Microsoft Edge, and Microsoft Office, this Patch Tuesday addresses several developer-type tools such…

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know

On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.…
