Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Research  

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.…

[IoT Security] Introduction to Embedded Hardware Hacking

Many security professionals and researchers are intrigued by the idea of opening up and exploring embedded technologies but aren’t sure where to start.…

Level Up Your Internet Intelligence Using the Rapid7 Open Data API and R

Let's take a look at how you can use ropendata in R to search for available studies, download datasets, and explore the data.…

Secure That Query! Researching the Landscape of DNS over Transport Layer Security (TLS)

In this blog, we highlight research conducted about the landscape of DNS over Transport Layer Security (TLS).…

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.…

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.…

Rapid7 Industry Cyber-Exposure Report Highlights the Need for Vulnerability Management

In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise.…

Happy HaXmas! Year-End Internet Scanning Observations

As we wrap up 2018 and forge ahead into 2019, let's reflect on some of the key observations we made through our internet scanning with Project Sonar.…

The Ghost of Exploits Past: A Deep Dive into the Morris Worm

In this post, we will dive into the exploit development process for the three modules we created in honor of the 30th anniversary of the Morris worm.…

Once a Haxer, Always a Haxor

Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.…

Rsunk your Battleship: An Ocean of Data Exposed through Rsync

Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on exposure of rsync globally on the public internet.…

Charting the Forthcoming PHPocalypse in 2019

This experiment began when Josh Frantz remarked that he would be curious about the potential exposure from the just-reached EOL date for PHP Version 7.0 and the forthcoming EOL date for PHP 5.6.…

Q3 Threat Report: Analyzing Three Key Detection Trends

In this post, we will review findings from our 2018 Q3 Threat Report, including common attack types, the Emotet malware, and protocol poisoning.…

How Rapid7 Researchers Used Data Science to Wrangle Messy WHOIS Data

As part of our research for the Industry Cyber-Exposure Report: Fortune 500, we attempted to quantify the public exposure of various organizations.…

Rapid7 Introduces Industry Cyber-Exposure Report: Fortune 500

Today, Rapid7 released our first Industry Cyber-Exposure Report, examining the overall exposure of the Fortune 500 family of companies.…