5 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 9/3/21
A new SMB server implementation to support capturing NTLM hashes across SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, exploits for eBPF, Git LFS, and Geutebruck IP cameras.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
2 min
Emergent Threat Response
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.
4 min
Cloud Security
SANS Experts: 4 Emerging Enterprise Attack Techniques
According to a report from the SANS Institute, the new wave of attack techniques isn't on the horizon — it’s here.
3 min
Managed Detection and Response (MDR)
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
We’re adding a new capability (and report) to connect proactive and reactive security for our MDR Essentials customers: Attack Surface Visibility.
4 min
Public Policy
Cybersecurity in the Infrastructure Bill
This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, and Rapid7 commends Congress and the Administration for including cybersecurity in the Infrastructure Investment and Jobs Act.
4 min
Vulnerability Disclosure
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.
1 min
Lost Bots
[The Lost Bots] Episode 4: Deception Technology
In this episode of The Lost Bots, Jeffrey talks one-on-one with you about one of his favorite subjects: deception technology.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: 8/27/21
LearnPress authenticated SQL injection
Metasploit contributor h00die added a new module
that exploits CVE-2020-6010
, an
authenticated SQL injection vulnerability in the WordPress LearnPress plugin.
When a user is logged in with contributor privileges or higher, the id parameter
can be used to inject arbitrary code through an SQL query. This exploit can be
used to collect usernames and password hash
3 min
CISOs
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
5 min
Cybersecurity
[R]Evolution of the Cyber Threat Intelligence Practice
Threat intelligence is transitioning from a separate pillar to a central hub that feeds all the functions of the security organization.
1 min
Lost Bots
[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition
In this extra installment of The Lost Bots, Mike Cohen tells Jeffrey about Velociraptor's 2021 Contributor Competition.
3 min
Managed Detection and Response (MDR)
Rapid7 MDR Named a Market Leader, Again!
Rapid7 is thrilled to be recognized as a Leader in the IDC MarketScape for 2021.
2 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up: Aug. 20, 2021
New modules for Lucee Administrator and ProxyShell, which targets on-premises Microsoft Exchange servers. Plus, tons of enhancements and fixes!
4 min
Career Development
Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
We talked with a few of our North America Account Executives to hear firsthand about why they chose to join Rapid7 (even during a pandemic), how they learned about the company, and why they’d recommend Rapid7 as a great place to work.