All Posts

OWASP TOP 10 API Security Risks: 2023

The OWASP Top 10 API Security Risks is a list of the highest priority API based threats in 2023. In this blog, we detail each item on the list.

3 min Cloud Security

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec

We are pleased to introduce our next advancement of identity-related risk management and remediation in Rapid7's InsightCloudSec: Identity Analysis.

3 min Emergent Threat Response

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.

10 min Velociraptor

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.

4 min Metasploit

Metasploit Weekly Wrap-Up: Jun. 7, 2023

Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more

5 min Detection and Response

This is Ceti Alpha Five!

In this blog, we explore how Star Trek II: The Wrath of Khan demonstrates the very best and worst of cybersecurity in the 23rd Century.

2 min Metasploit

Metasploit Weekly Wrap-Up: 6/2/23

Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module

8 min Emergent Threat Response

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

4 min Rapid7 Culture

Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive

Devin Poulter is a Sales Director with over 20 years of experience in the tech industry. Recently, we spoke with him about building a career in tech sales.

2 min Rapid7 Culture

Rapid7 Data Engineers Inspire Future Tech Talent at Summer Search Career Fest

Earlier this month, Rapid7 data engineers had the honor of being panelists at the Summer Search Career Fest.

2 min Emergent Threat Response

Widespread Exploitation of Zyxel Network Devices

Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.

6 min Metasploit

Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session

Rapid7 is pleased to announce the availability of Metasploit fetch payloads, which increase efficiency and user control over the commands executed.

3 min Managed Detection and Response (MDR)

Healthcare Orgs: Do You Need an Outsourced SOC?

Learn how your healthcare organization can benefit from cybersecurity managed services and an outsourced SOC.

2 min DFIR

VeloCON 2023: Submissions Wanted!

Our 2nd annual VeloCON virtual summit will be held this September, and the call for presentations closes Monday, July 17, 2023.

2 min Cloud Security

Casting a Light on Shadow IT in Cloud Environments

Shadow IT typically refers to the use of consumer apps or services without explicit IT approval. However, it can also occur at a cloud infrastructure level.