Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Vulnerability Management  

The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.…

5 Steps to Go from Patch Management to Vulnerability Management

The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.…

InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You

In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.…

Patch Tuesday - October 2019

This month's Patch Tuesday is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe. Of…

Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice

On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.…

How DHS and MITRE Collaborate to Validate Vulns

In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.…

Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR

In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.…

Patch Tuesday - September 2019

Today Microsoft released fixes for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 and CVE-2019-1215 are both privilege elevation vulnerabilities affecting all supported versions of Windows, one in the log file…

CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.…

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.…

How to Set Up InsightVM in Your Google Cloud Environment

In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.…

Defining Cybersecurity Risk for Higher Education

Educational institutions and other organizations have similar cybersecurity risk profiles, but there are a few very specific areas that differ.…

Summer Security Fundamentals Recap: What You Need to Know About Vulnerability Management

In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.…

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.…

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep vulnerability (CVE-2019-0708) that was patched last May. CVE-2019-1181 and CVE-2019-1182 both affect all supported versions of Windows, and can be exploited without…