Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Vulnerability Management  

Patch Tuesday - May 2019

Hot on the heels of several Apple security advisories on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader alone. A fix for a critical remote…

Medical Device Security, Part 3: Putting Safe Scanning into Practice

In this blog post, we put the theory we've built out in our medical device scanning series into practice.…

Medical Device Security, Part 2: How to Give Medical Devices a Security Checkup

In part two of our series, we get into the weeds of medical device scanning and examine how to directly perform assessments on medical devices.…

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.…

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.…

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.…

Patch Tuesday - April 2019

Today's Microsoft updates resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 and CVE-2019-0859 can result in unauthorized elevation of privilege, and affect all supported versions of Windows.…

Security Operations at Its Finest: Meet the InsightVM and ServiceNow Integration

Rapid7's integration between InsightVM and ServiceNow Security Operations can help your organization streamline their operations to remediate vulnerabilities faster.…

Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.…

Patch Tuesday - March 2019

Today Microsoft released updates that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748, a remote code execution (RCE) vulnerability in the Access Connectivity Engine of…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

Customer Perspective: How InsightVM Helps Organizations Solve Common Vulnerability Management Challenges

In this blog, Brett Droche of Amedisys explains how Rapid7's InsightVM can mitigate or completely solve common vulnerability management challenges.…

Implementing Credential Hygiene with CyberArk and InsightVM

Effectively assess your assets with a scan engine while keeping your credentials safe with the integration between CyberArk and InsightVM and Nexpose.…

Cisco® RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663): What You Need to Know

This week, Cisco® released an advisory and patch for a remote code execution flaw in small-business routers used for wireless connectivity in small offices and home offices.…

Why Most Vulnerability Management Programs Fail and What You Can Do About It

In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.…