Public Policy
Supreme Court narrows CFAA
The Supreme Court interprets the CFAA narrowly. This avoids over-criminalizing cybersecurity research and commonplace internet activity, though may raise concerns about insider threats.
Vulnerability Disclosure
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted-shell escape vulnerabilities discovered by Rapid7 researcher William Vu.
Application Security
Rapid7 Named a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing
Rapid7 is excited to share that we have been recognized as a Visionary in the 2021 Gartner Magic Quadrant for Application Security Testing (AST).
DevOps
Creating coefficiency: DevOps, Security, and Compliance
The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.
Public Policy
How the Biden Administration's cybersecurity order will affect companies
The Biden Administration's Executive Order will create new software security and cyber incident reporting requirements for federal contractors.
Metasploit
Metasploit Wrap-Up: May 28, 2021
In the spirit of cool module content, there's a new SMBGhost RCE module, plus a hefty set of enhancements and fixes!
Cloud Security
5 questions to answer before spending big on cloud security
Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process, because every so often (be it in 6 months, 1 year, or 2 years) your security organization will have to pitch to the check-writers all over again.
Detection and Response
Kill Chains: Part 1→Strategic and operational value
More recently, the term has been conscripted by the cybersecurity world to help businesses and security organizations go on the offensive, ensuring there are no gaps in their mitigation strategies and that their threat-hunting processes are sound.
Emergent Threat Response
CVE-2021-21985: What You Need To Know About the Latest Critical vCenter Server Vulnerability
On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe
Cloud Infrastructure
Reducing Risk With Identity Access Management (IAM)
As your supply chain grows, so does your attack surface. As the business scales up and cloud providers release new services and resources that need support, it becomes exponentially more challenging for security teams to manage access.
Metasploit
Metasploit Wrap-Up: 5/21/21
New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).
Emergent Threat Response
Want to stay ahead of emerging threats? Here’s how.
A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?
CISOs
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
Public Policy
Calling for cybersecurity in infrastructure modernization
Rapid7 issued a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation.
How to Implement Secure and Compliant IaC
Success lies in security
True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security cross-checks before deploying. Where can organizations find the time? In the land of left… shifting left, that is.
As security quickly becomes everyone’s responsibility, shifting left empowers developers to tak