Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Vulnerability Management  

How Rapid7’s AWS Security Hub Integrations Increase Cloud Visibility and Automate Security Operations

As part of our ongoing commitment to support customers using Amazon Web Services (AWS), Rapid7 announces integrations with the AWS Security Hub for vulnerability management and SOAR solutions.…

Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM

Rapid7 is pleased to announce that we have released new Cloud Configuration Assessment capabilities in our InsightVM vulnerability management solution.…

Blocking User Access to Vulnerable Assets with CyberArk and InsightVM

With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.…

Attack Surface Monitoring with Project Sonar

Attack Surface Monitoring with Project Sonar can help you reduce and monitor your attack surface.…

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities, the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep vulnerability patched in May, and none of them have been seen exploited in the…

Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know

CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.…

Scan Engine Options for InsightVM in AWS: Pre-Authorized AMI vs. Manual Install

In this blog, we’re going to go over installing the InsightVM Scan Engine in an AWS environment without using the Pre-Authorized Scan Engine AMI.…

Why Patch Management Is Crucial for Securing Your Organization

With the deluge of assets flooding corporate networks, organizations need to have a solid patch management strategy in place.…

How SOAR Is Disrupting Traditional Vulnerability Management

In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.…

Patch Tuesday - May 2019

Hot on the heels of several Apple security advisories on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader alone. A fix for a critical remote…

Medical Device Security, Part 3: Putting Safe Scanning into Practice

In this blog post, we put the theory we've built out in our medical device scanning series into practice.…

Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup

In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.…

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.…

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.…

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…