Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Vulnerability Management  

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.…

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash), .NET Framework, SharePoint, Exchange, and another slew of JET Database…

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.…

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.…

Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure

Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.…

Cisco RV320/RV325 Router Unauthenticated Configuration Export Vulnerability (CVE-2019-1653): What You Need to Know

Last week, a critical configuration weakness in Cisco® routers was responsibly disclosed on the Full Disclosure mailing list. Here's what you need to know.…

What WannaCry Taught Me About the Benefits of Agents in VM Programs

In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.…

How AWS and InsightVM Can Help You Securely Move to the Cloud

No one can deny that cloud adoption is increasing at a fast rate. Though moving to the cloud offers many advantages—such as speed of development, cost savings, and reduced overhead—one of the implications of adoption is that customers must change the way they…

Rapid7 Industry Cyber-Exposure Report Highlights the Need for Vulnerability Management

In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise.…

Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities

InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.…

Patch Tuesday - January 2019

Microsoft's first updates of the year address 49 separate vulnerabilities, which is on the low side relatively speaking. We're also getting rare respite from Flash vulnerabilities (although Adobe published a "security bulletin" for Flash today, the new version does not actually contain any…

Head in the Clouds: Data Warehousing in the Google Cloud

This blog discusses how to leverage InsightVM's Data Warehousing functionality to export scan data to a managed Cloud SQL instance in the Google Cloud Platform.…

Did You Remediate That? How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations

Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.…

Rapid7 Partners with AWS Security Hub for Deeper Vulnerability Reporting

Last month, we were thrilled to announce our integration with AWS Security Hub at AWS re:Invent.…

Patch Tuesday - December 2018

It's the last Patch Tuesday of 2018! As is often the case in December, it's a relatively light one with "only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched vulnerabilities.) This is in addition to the two…