Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Vulnerability Management  

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…

Patch Tuesday - April 2019

Today's Microsoft updates resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 and CVE-2019-0859 can result in unauthorized elevation of privilege, and affect all supported versions of Windows.…

Security Operations at Its Finest: Meet the InsightVM and ServiceNow Integration

Rapid7's integration between InsightVM and ServiceNow Security Operations can help your organization streamline their operations to remediate vulnerabilities faster.…

Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.…

Patch Tuesday - March 2019

Today Microsoft released updates that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748, a remote code execution (RCE) vulnerability in the Access Connectivity Engine of…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

Customer Perspective: How InsightVM Helps Organizations Solve Common Vulnerability Management Challenges

In this blog, Brett Droche of Amedisys explains how Rapid7's InsightVM can mitigate or completely solve common vulnerability management challenges.…

Implementing Credential Hygiene with CyberArk and InsightVM

Effectively assess your assets with a scan engine while keeping your credentials safe with the integration between CyberArk and InsightVM and Nexpose.…

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.…

Why Most Vulnerability Management Programs Fail and What You Can Do About It

In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.…

Checkmate! How to Win at Vulnerability Management Using the Game of Chess

Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.…

Drupal Core Remote Code Execution (CVE-2019-6340): What You Need to Know

On Wednesday, Feb. 20, 2019, the Drupal Core team provided an early-warning update for the third Drupal Core Security Alert of 2019, which has been assigned CVE-2019-6340.…

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash), .NET Framework, SharePoint, Exchange, and another slew of JET Database…

Automation in Action: How Carnegie Mellon University Combats Vulnerabilities Using Nexpose

We recently spoke with Brian W. Gray, Information Security Engineer for Carnegie Mellon University, about how he manages vulnerabilities with Rapid7's vulnerability assessment solution, Nexpose.…

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.…