All Posts

5 min Rapid7 Culture

Celebrating Women’s History Month at Rapid7

On March 8th, Rapid7 hosted an International Women's Day panel, which focused equity, inclusion, and advocacy in the workplace.

7 min Vulnerability Disclosure

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Rapid7 has discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.

3 min Emergent Threat Response

Rapid7 Observed Exploitation of Adobe ColdFusion

Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments.

5 min Rapid7 Culture

Practice Operations Manager Looks Back On First Five Months With Rapid7

Elianna Sfez is a Threat Intelligence Practice Operations Manager at Rapid7. We sat down to chat about her new hire journey, company culture, and more.

3 min Metasploit

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952 [], that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4,

4 min Cloud Security

MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls

It's essential to implement robust security measures to protect your organization. One way to do this is to utilize the MITRE ATT&CK framework.

3 min Threat Intel

Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study

Security decision-makers are more concerned about external attacks than any other attack vector, according to the new Forrester Consulting study commissioned by Rapid7.

4 min Consulting Services

Build Security Muscle Memory With Tabletop Exercises

What scrimmages were to football, tabletop exercises (TTX) are to incident response, business continuity, disaster recovery, vulnerability management, and other critical components of your organization’s security program.

3 min Automated Remediation

Three Steps for Ramping Up to Fully Automated Remediation

Implementing automated remediation doesn't happen overnight—it takes time and a good roadmap. This article offers an incremental crawl, walk, run approach.

11 min Vulnerability Management

Patch Tuesday - March 2023

Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.

4 min Vulnerability Disclosure

Microsoft Defender for Cloud Management Port Exposure Confusion

Microsoft Defender for Cloud, until recently, didn't distinguish "" as a synonym for "any" when checking for management port exposures for Azure instances.

2 min Cybersecurity

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two

Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt in times of great stress and impact.

5 min Healthcare

Cloud Security Strategies for Healthcare

The healthcare industry must innovate in the cloud to meet patient needs, but organizations need to do so without creating unnecessary or unmanaged risk.

4 min Metasploit

Metasploit Weekly Wrap-Up

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users on Windows and is world readable on Linux.. The module was written by community contributor bcoles [] who also wrote a login scanner for Wowza this week. The login scanner can b

1 min Detection and Response

[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon

Jeffrey Gardner, D&R Practice Advisor and Stephen Davis, Lead D&R Sales Technical Advisor, discuss consolidation benefits and potential "gotchas".