2 min
Vulnerability Disclosure
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.
4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.
2 min
Research
Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320
Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.
6 min
Vulnerability Disclosure
R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment
Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.
4 min
Events
Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends
As Hacker Summer Camp comes to a close, we sat down with a few friends in the security space to discuss the major highlights from Black Hat, DEF CON, and BSides.
3 min
Vulnerability Disclosure
Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Here's what you need to know about the recent Zoom vulnerability disclosure.
1 min
Metasploit
Metasploit Development Diaries: Q2 2019
Hey folks, it's towards the end of the second quarter, which means it's high time for another Metasploit Dev Diary! If you already know what this series is about, feel free to just click on over here [https://www.rapid7.com/research/report/metasploit-development-diaries-q2-2019] and read away. If you need more convincing, here's the skinny. Once a quarter, the indomitable Metasploit [https://www.rapid7.com/products/metasploit/] engineering team is going to pull you, dear reader, behind the cur
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.
3 min
Vulnerability Disclosure
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
3 min
Haxmas
The 12 Days of HaXmas: A Festive Blog Series Recapping Security in 2018
It’s the waning days of 2018, so it’s time to usher in our traditional end-of-year blog series, the 12 Days of HaXmas.
3 min
Cybersecurity
National Cybersecurity Awareness Month: Tips for Improving Your Personal Pa55w0rd! Management
It's National Cybersecurity Awareness Month, which means it's a great time to chat about why you should consider a password manager to stay secure.
2 min
Penetration Testing
Under the Hoodie 2018: Lessons from a Season of Penetration Testing
Today, I’m excited to announce the release of our 2018 edition of Under the Hoodie: Lessons from a Season of Penetration Testing by the Rapid7 Global Services team, along with me, Tod Beardsley and Kwan Lin.
4 min
Vulnerability Management
CVE 100K: A Big, Round Number
There have been 100,000 CVEs published. That's a big, round number.