Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Breach Response News  

How Your Organization Can Respond After News of a Major Security Breach

When data breaches occur, there are proactive actions organizations can take to double-check their current-state security posture, practices, and protocols.…

The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained

TL;DR This week a vulnerability was disclosed, which could result in sensitive data being leaked from websites using Cloudflare's proxy services. The vulnerability - referred to as "Cloudbleed" - does not affect Rapid7's solutions/services. This is a serious security issue, but…

NCSAM: You Should Use a Password Manager

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the CFAA - a problematic law that hinders beneficial…

Changing Threat Landscape Evolves IDR

This is part 2 of a 2-part blog series on how Incident Response is changing. Here's part one.The changing threat landscape forced an evolution in incident detection & response (IDR) that encompasses changes in tools, process, and people. While in 2005 we could get…

Trey's InfoSec SitRep [16 Nov 2015]

First, if you aren't listening to the Risky Business podcast, fix that. Patrick Gray is my go-to source for infosec news. In the News: The insight we get into breaches is sparse, so be armed with these stories. JPMorgan's 2014 Hack Tied to Largest Cyber…

Will the Data Security and Breach Notification Act Protect Consumers?

Last week, the House Energy and Commerce Committee published a discussion draft of a proposed breach notification bill – the Data Security and Breach Notification Act of 2015. I'm a big fan of the principles at play here: as a consumer, I expect that if a…

Top 3 Takeaways from the "Security in Retail: An Industry at a Crossroads" Webcast

Retail is one of the industries hit hardest by the high-profile mega-breaches of late, so Jane Man, product marketing manager at Rapid7, and Wim Remes, manager of strategic services at Rapid7 (read his intro blog here), came together to discuss the challenges and future of…

Managing the Impact of the Ebay Breach on You and Your Company

eBay announced earlier today that they were the victims of an attack that compromised the email address, encrypted password, physical address, phone number and date of birth of eBay customers.  It's important to note that the company indicated that they have not detected any…

Cyber security around the world - 7/4/14 - Germany

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week we're in Germany where officials have found the second mass user account hacking this…

Cyber security around the world - 11/2/14 - South Korea & Russia

With so much happening in cyber security around the world lately, we're going to start highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in South Korea and Russia…South KoreaA couple of…

Shock and awe with gawker.com: How to test if you have been breached

   Google Fusion table listing the MD5 hashes of breached   email address from Gawker.com data breach  This weekend, the Web and back-end database of Gawker.com was published on Pirate Bay. If you had a personal email account registered at…