10 min
Ransomware
Ransomware: Is Critical Infrastructure in the Clear?
Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?
Read Full Post
10 min
Cybersecurity
Reforming the UK’s Computer Misuse Act
The CMA is the UK’s anti-hacking law, and we've provided feedback on the issues we see with the legislation.
Read Full Post
11 min
Public Policy
Hack Back Is Still Wack
The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.
Read Full Post
7 min
Ransomware
The Ransomware Task Force: A New Approach to Fighting Ransomware
The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.
Read Full Post
3 min
Ransomware
Decrypter FOMO No Mo’: Five Years of the No More Ransom Project
The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it.
Read Full Post
10 min
Security Nation
Taking Inspiration from Our Security Nation in an Otherwise Uninspiring Year
With 2020 finally coming to a close, the Security Nation podcast team shares their top highlights from throughout the year.
Read Full Post
4 min
Security Strategy
Help Others Be "Cyber Aware" This Festive Season—And All Year Round!
Are you tired of being the cybersecurity help desk for everyone you know? This blog is for you!
Read Full Post
6 min
Public Policy
Internet of Things Cybersecurity Regulation and Rapid7
Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.
Read Full Post
7 min
Government
What's Happening With Markups for the IoT Cybersecurity Improvement Act of 2019?
In recent weeks, the House and Senate have drafted versions of the IoT Cybersecurity Improvement Act of 2019. Here are are thoughts.
Read Full Post
2 min
Podcast
(Re)Introducing Rapid7’s Podcast, Security Nation
This week, we are re-launching Rapid7’s podcast, Security Nation. The new, re-imagined podcast will focus on showcasing people and projects that are advancing security in their own ways.
Read Full Post
8 min
Public Policy
The IoT Cybersecurity Improvement Act of 2019
In this blog post, we will walk through the newly introduced IoT Cybersecurity Improvement Act of 2019 and describe Rapid7's position on it.
Read Full Post
4 min
Linux
Patching CVE-2017-7494 in Samba: It's the Circle of Life
With the scent of scorched internet still lingering in the air from the
WannaCry
Ransomworm
[http://community.rapid7.com/community/infosec/blog/2017/05/12/wanna-decryptor-wncry-ransomware-explained]
, today we see a new scary-and-potentially-incendiary bug hitting the twitter
news. The vulnerability - CVE-2017-7494
[https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-7494] -
affects versions 3.5 (released March 1, 2010) and onwards of Samba, the defacto
standard for providing Wind
Read Full Post
1 min
Public Policy
Rapid7's Position on the U.S. Executive Order on Immigration
On Friday, January 27th, 2017, the White House issued an Executive Order
entitled, “Protecting The Nation from Foreign Terrorist Entry into The United
States.
[https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states]
” As has been well-publicized, the Order suspends some immigration from seven
Muslim-majority countries — Syria, Yemen, Sudan, Somalia, Iraq, Iran and Libya —
for 90 days, halts the refugee program for 120 days,
Read Full Post
5 min
Research
Research Report: Vulnerability Disclosure Survey Results
When cybersecurity researchers find a bug in product software, what's the best
way for the researchers to disclose the bug to the maker of that software? How
should the software vendor receive and respond to researchers' disclosure?
Questions like these are becoming increasingly important as more
software-enabled goods - and the cybersecurity vulnerabilities they carry -
enter the marketplace. But more data is needed on how these issues are being
dealt with in practice.
Today we helped publish
Read Full Post
6 min
Government
Vulnerability Disclosure and Handling Surveys - Really, What's the Point?
Maybe I'm being cynical, but I feel like that may well be the thought that a lot
of people have when they hear about two surveys posted online this week to
investigate perspectives on vulnerability disclosure and handling. Yet despite
my natural cynicism, I believe these surveys are a valuable and important step
towards understanding the real status quo around vulnerability disclosure and
handling so the actions taken to drive adoption of best practices will be more
likely to have impact.
Hopef
Read Full Post