Rapid7 Blog

Breach Response News  

The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained

TL;DR This week a vulnerability was disclosed, which could result in sensitive data being leaked from websites using Cloudflare's proxy services. The vulnerability - referred to as "Cloudbleed" - does not affect Rapid7's solutions/services. This is a serious security issue, but…

NCSAM: You Should Use a Password Manager

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the CFAA - a problematic law that hinders beneficial…

Changing Threat Landscape Evolves IDR

This is part 2 of a 2-part blog series on how Incident Response is changing. Here's part one.The changing threat landscape forced an evolution in incident detection & response (IDR) that encompasses changes in tools, process, and people. While in 2005 we could get…

Trey's InfoSec SitRep [16 Nov 2015]

First, if you aren't listening to the Risky Business podcast, fix that. Patrick Gray is my go-to source for infosec news. In the News: The insight we get into breaches is sparse, so be armed with these stories. JPMorgan's 2014 Hack Tied to Largest Cyber…

Will the Data Security and Breach Notification Act Protect Consumers?

Last week, the House Energy and Commerce Committee published a discussion draft of a proposed breach notification bill – the Data Security and Breach Notification Act of 2015. I'm a big fan of the principles at play here: as a consumer, I expect that if a…

Top 3 Takeaways from the "Security in Retail: An Industry at a Crossroads" Webcast

Retail is one of the industries hit hardest by the high-profile mega-breaches of late, so Jane Man, product marketing manager at Rapid7, and Wim Remes, manager of strategic services at Rapid7 (read his intro blog here), came together to discuss the challenges and future of…

Managing the Impact of the Ebay Breach on You and Your Company

eBay announced earlier today that they were the victims of an attack that compromised the email address, encrypted password, physical address, phone number and date of birth of eBay customers.  It's important to note that the company indicated that they have not detected any…

Cyber security around the world - 7/4/14 - Germany

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week we're in Germany where officials have found the second mass user account hacking this…

Cyber security around the world - 11/2/14 - South Korea & Russia

With so much happening in cyber security around the world lately, we're going to start highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in South Korea and Russia…South KoreaA couple of…

Shock and awe with gawker.com: How to test if you have been breached

   Google Fusion table listing the MD5 hashes of breached   email address from Gawker.com data breach  This weekend, the Web and back-end database of Gawker.com was published on Pirate Bay. If you had a personal email account registered at…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More