Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Research  

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.…

Rapid7 2020 Threat Report: Exposing Common Attacker Trends

In this blog, we break-down the three key sections of the newly-released Rapid7 2020 Threat Report.…

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

As our team discussed our traditional RSA round-up blog, we started to wonder how easy it would be to predict those key themes before the conference even kicked off.…

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?…

DOUBLEPULSAR RCE 2: An RDP Story

In this sequel, wvu recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR implant's lesser-known RDP variant. If you're unfamiliar with the more common SMB variant, you can read our blog post detailing how we achieved…

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.…

Election Security: What You Need to Know

In this blog, we break-down everything you need to know about the collection of security challenges throughout elections.…

Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?

The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.…

Don't Spread This Holiday Cheer: How to Secure Your Leftover Technology

When you get your new gizmos and gadgets, how can you make sure your old tech is properly handled so your personal data stays safe?…

Cisco Self-Signed Certificate Expiration on Jan. 1, 2020: What You Need to Know

Cisco released Field Notice 70489 this week making owners of a wide range of Cisco devices of an impending certificate expiration issue.…

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.…

What a Difference a Year Makes: Revisiting Our Inaugural Fortune 500 ICER One Year Later

It's now been a year since we released our first Fortune 500 ICER, so we decided to take a quick look at a key control, DMARC, to look for improvements.…

Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.…

R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment

Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.…

Open-Source Command and Control of the DOUBLEPULSAR Implant

Metasploit researcher William Vu shares technical analysis behind a recent addition to Framework: a module that executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB and allows users to remotely disable the implant.…