Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Research  

Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner

Rapid7 pen testers Gisela Hinojosa and Carlota Bindner are back to answer another round of questions about the mysterious art of penetration testing…

NICER Protocol Deep Dive: Secure Shell (SSH)

In the second installment of our NICER Protocol Deep Dive blog series, we cover Secure Shell (SSH).…

Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests

Rapid7 recently released its 2020 Under the Hoodie report, detailing the ins and outs of penetration testing.…

NICER Protocol Deep Dive: Internet Exposure of Telnet Services

In the first installment of our NICER Protocol Deep Dive blog series, we cover internet exposure of Telnet services.…

Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 2 Sessions

Our Rapid7 experts attended another day of incredible talks, and have plenty of key takeaways and insights to share about their Virtual Vegas sessions.…

Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 1 Sessions

Even from home, it can be tough to catch what you want to see at Black Hat, so we had our experts do the work for you as part of our Virtual Vegas event.…

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.…

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.…

Rapid7 Releases 2020 National / Industry / Cloud Exposure Report (NICER)

Rapid7 has just released the 2020 National / Internet / Cloud Exposure Report, affectionately called the NICER report.…

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.…

Building a Printed Circuit Board Probe Testing Jig

In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.…

Rapid7 Quarterly Threat Report: 2020 Q1

In this blog, we break down some of the top findings and highlights from the Rapid7 Quarterly Threat Report: 2020 Q1.…

The Masked SYNger: Investigating a Traffic Phenomenon

At the beginning of 2020, Rapid7 and other researchers began noticing increased scanning activity against a variety of TCP ports.…

May 2020 Cisco Remote Vulnerabilities Guidance

Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.…

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.…

Never miss a blog

Get the latest stories, expertise, and news about security today.