Rapid7 Blog

Recent Posts

Yankee Swapped: MQTT Primer, Exposure, Exploitation, and Exploration

This HaXmas, Rapid7's Jon Hart Yankee swaps readers a few minutes' attention for a festive look at MQTT exposure on the public IPv4 internet (and an exploitation module!).…

Auld Lang Syne: Threat Intelligence Resolutions for 2018

It’s that time of the year again! It is the time where we look back over the past year to see what we accomplished, what we did well, what we can improve on for next year. In Cyber Threat Intelligence we had a lot…

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas is about 2017’s 12 months of Patch Tuesdays. Never mind that there were only eleven months this year, thanks to Microsoft canceling most of February’s planned fixes. This coincided with when they’d planned…

12 Memorable Metasploit Moments of 2017

This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.…

An Evaluation of the North Pole’s Password Security Posture

Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here. He sees your password choices; He knows when they’re not great. So don’t reuse those passwords, please, And make them all longer than eight. Now that Christmas has…

Regifting Python in Metasploit

Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.…

Forget The Presents: HaXmas Is All About The [Gift] Certificates

2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure…

Uses For Tech of HaXmas Past

Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!…

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…

On the Zero-eth Day of HaXmas...

I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued…

Metasploit Wrapup

Even with the year winding down to a close, activity around Metasploit has been decidedly “hustle and bustle”. Some cool new things to talk about this week, so sit back and dig in! For Your iOS Only If you’ve been wanting to run Meterpreter…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.…

NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes

A key guideline for cybersecurity risk management now includes coordinated vulnerability disclosure and handling processes. This revision will help boost adoption of processes for receiving and analyzing vulnerabilities disclosed from external sources, such as researchers.…

R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities

Summary of Issues Multiple vulnerabilities in Cambium Networks’ ePMP and cnPilot product lines were discovered by independent researcher Karn Ganeshen, which have, in turn, been addressed by the vendor. The affected devices are in use all over the world to provide wireless network connectivity in…

MDR and GDPR: More than a lot of letters

With 2018 now well in our sights, the countdown to the General Data Protection Regulation (GDPR)) is most definitely on. Articles 33 and 34 of the GDPR require organizations to communicate personal data breaches when there is a high risk of impact to the people…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now