Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Vulnerability Management  

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation…

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space.…

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel Local Elevation of…

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.…

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.…

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

We put together a list of some of the scariest vulnerabilities of the year and the remediation solutions that can help you stay on guard in the future.…

Rapid7 Announces Improvements to Goals and SLAs in InsightVM

We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.…

Scan Template Best Practices in InsightVM

This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.…

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.…

Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives

Let’s talk false positives. They’re frustrating and faulty to anyone in security. The good news? We’ve added even more ways to reduce the noise they cause.…

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.…

Patch Tuesday - October 2020

Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability CVE-2020-9746. Despite this…

How InsightVM Helps You Save Time and Prove Value

In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.…

Why Every Organization Needs a Vulnerability Management Policy

In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.…

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.…

Never miss a blog

Get the latest stories, expertise, and news about security today.