Posts tagged Project Sonar

6 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

Complexity is the enemy to successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.

1 min Industry Cyber-Exposure Report (ICER)

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200.

13 min Research

Don’t Put It on the Internet: Tesla Backup Gateway Edition

In this blog, we address Tesla Backup Gateways and identify key areas where Tesla could improve security and privacy to help customers protect themselves.

5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.

2 min Quarterly Threat Report

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report.

3 min Vulnerability Management

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.

3 min Vulnerability Disclosure

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.

5 min Research

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.

7 min Microsoft

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

5 min Research

DOUBLEPULSAR over RDP: Baselining Badness on the Internet

How many internet-accessible RDP services have the DOPU implant installed? How much DOPU-over-RDP traffic do we see being sprayed across the internet?

9 min Research

Oh, Behave! Who Made It to Rapid7 Labs' Naughty List(s) in 2019?

The Labs team thought it might be fun to give folks a glimpse into who made it to some of our naughtiest lists in 2019 based on insights gleaned through our research projects.

2 min Research

Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.

5 min Cloud Infrastructure

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

In this blog, we share the top cloud configuration mistakes organizations make and four rules to implement so you can migrate securely to the cloud.

5 min Project Sonar

Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice

On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.

4 min InsightVM

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.