3 min
InsightIDR
What You Need to Know About Cloud SIEM Deployment and Configuration
In a fast-paced environment, companies need security solutions that boost visibility and empower IT professionals to act confidently and decisively.
3 min
Application Security
Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
In recent years, web applications have become the biggest target for attacks, as they’re the easiest way for hackers to gain access to valuable information.
3 min
SIEM
Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management
Rapid7 is excited to announce that we have been recognized as a Gartner Peer Insights Customers’ Choice for Security Information Event Management (SIEM).
3 min
Vulnerability Management
12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) laid out the 12 most exploited vulnerabilities since 2016.
2 min
Metasploit
Metasploit Wrap-Up: 7/3/20
Shifting (NET)GEARs
Community contributor rdomanski added a module for Netgear R6700v3 routers that allows unauthenticated attackers on the same network to reset the password for the admin user back to the factory default of password. Attackers can then manually change the admin user's password and log into it after enabling telnet via the exploit/linux/telnet/netgear_telnetenable module, which will gran
1 min
InsightAppSec
InsightAppSec Release Roundup: What’s New and Updated
In this blog, we recap the latest and greatest ways to work smarter and more efficiently in InsightAppSec, so you can get some much-deserved time back.
3 min
InsightVM
How to Use Custom Policy Builder to Customize Password Policies in InsightVM
In this post, we are going to focus on commonly used customizations for password policies by our customers.
13 min
DAST
Unlocking the Power of Macro Authentication in Application Security: Part Two
In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.
3 min
Vulnerability Disclosure
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021, a new, critical weakness in SAML authentication on PAN-OS devices.
7 min
Research
Building a Printed Circuit Board Probe Testing Jig
In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.
2 min
Metasploit
Metasploit Wrap-Up: 6/26/20
Who watches the watchers?
If you are checking up on an organization using Trend Micro Web Security, it might be you. A new module this week takes advantage of a chain of vulnerabilities to give everyone (read unauthenticated users) a chance to decide what threats the network might let slip through.
Following the trend, what about watchers that are not supposed to be there? Agent Tesla Panel is a fun little trojan (not to be found zipping around on our highways and byways) which now offers, agai
7 min
Managed Detection and Response (MDR)
Rapid7 Managed Detection and Response: The Service that Never Sleeps
In this post, we break down everything you need to know about Rapid7 Managed Detection and Response (MDR).
2 min
Metasploit
Metasploit Wrap-Up: 6/19/20
Arista Shell Escape Exploit
Community contributor SecurityBytesMe added an exploit module for various Arista switches. With credentials, an attacker can SSH into a vulnerable device and leverage a TACACS+ shell configuration to bypass restrictions. The configuration allows the pipe character to be used only if the pipe is preceded by a grep command. This configuration ultimately allows the chaining
3 min
Vulnerability Management
How to Approach Risk Management: Advice from Rapid7 Customers
Learn how these security professionals approach risk, and their best advice for others looking to better their approach to risk management.
5 min
Detection and Response
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In this blog, we discuss how Rapid7 customers are using network traffic analysis in detection and response.