Posts by Tod Beardsley

13 min Vulnerability Management

Multiple Open Source Web App Vulnerabilities Fixed

While it's never great to learn of new vulnerabilities in your own product, all three project maintainers accepted, validated, and provided fixes for these vulnerabilities within one day, which is amazing when it comes to vulnerability disclosure.

8 min

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers Jonathan Peterson, Aaron Herndon, Cale Black, Ryan Villarreal, and William Vu.

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

2 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Rapid7 just released the third in our Industry Cyber-Exposure Report (ICER) series. We've slimmed down our research and reporting style, and this series focuses on five areas we believe that CISOs at mega-corporations actually have a shot at accomplishing.

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.

4 min Vulnerability Disclosure

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.

6 min ICER

Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500

We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.

8 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.

6 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

Complexity is the enemy to successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.

1 min Industry Cyber-Exposure Report (ICER)

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200.

4 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500

There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.

4 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500

We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.

1 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350

We are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350.

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

2 min Research

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500

Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report (ICER) series.