Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Recent Posts

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community to evidence of active exploitation attempts of CVE-2020-3992 and/or CVE-2019-5544, which are remote code execution (RCE) vulnerabilities in VMware ESXi’s service location protocol (SLP) service. VMware had issued a…

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.…

Visualizing Network Traffic Data to Drive Action

In this blog, we cover the top five multi-groupby queries that can be used to visualize network sensor data with the Insight Network Sensor.…

Advance Your Career: Life as a Rapid7 Belfast Software Engineer

As we continue to build this team, we are looking for new Moose who exemplify our core values, and are passionate about making a positive impact on our customers.…

Metasploit Wrap-Up

Insert 'What Year Is It' meme h00die contributed the Mikrotik unauthenticated directory traversal file read auxiliary gather module, largely a port of the PoC by Ali Mosajjal. The vulnerability CVE-2018-14847 allows any file from the router to be read through the Winbox server in RouterOS…

This One Time on a Pen Test: How I Hacked a Self-Driving Car

In our latest edition of "This One Time on a Pen Test," we take a deeper look at an engagement involving a self-driving car.…

tCell by Rapid7 Now Available for the European Region

Today, we are excited to announce tCell by Rapid7, our next-gen WAF and RASP solution, is now available in the Rapid7 Insight cloud’s European region.…

NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler

In this edition of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of Citrix ADC/NetScaler.…

The Story Behind Security Breaches

There are many potential causes of security breaches, but what is a common root cause? Human error.…

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.…

Metasploit Wrap-Up

Support for gathering ProxyUsername and ProxyPassword for saved PuTTY sessions, usability improvements for PsExec modules, and another CTF coming soon.…

National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online

For National Cybersecurity Awareness Month, we rounded up tips from our network of experts to help you easily shore up your approach to cybersecurity.…

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.…

How Maria Barsallo Lynch Helps Combat the Spread of Misinformation and Disinformation Ahead of the Election

In our most recent episode of Security Nation, we spoke with Maria Barsallo Lynch about her work informing election officials of the rise of misinformation centered around elections.…

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

We put together a list of some of the scariest vulnerabilities of the year and the remediation solutions that can help you stay on guard in the future.…

Never miss a blog

Get the latest stories, expertise, and news about security today.