Posts tagged Rapid7 Perspective

5 min Rapid7 Perspective

Visions past and future: 2018 security predictions

Happy 2018, fellow humans (but not to you, bot army!). Like we've done in years before, we recently rounded up some of the best minds and most trenchant commentators the security industry has to offer and asked them to sum up the year gone by (whether good, bad, or ugly) and shed light on what's in store for the 363 days ahead. To see how our predictions fared in prior years, check out the 2015 [/2014/12/19/rapid7-perspectiverapid7-2014-infosec-retrospective-predictions-for-2015/] , 2016 [/2015/

2 min Public Policy

FCC Repeals Net Neutrality: What Now?

[Update 05/16/18: The US Senate passed a resolution [https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7 supports the resolution and other efforts to effectively reinstate net neutrality safeguards.] This week, Rapid7 hosted an event [https://www.rapid7.com/lp/net-neutrality/index.html] with Massachusetts’ Edward J. Markey and a number of Boston’s technology and business leaders to protest

5 min Rapid7 Perspective

Attention Humans: The ROBOT Attack

What’s the ROBOT Attack? On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovsky and Craig Young published a paper, website, testing tool, and CTF at robotattack.org [https://robotattack.org] detailing a padding oracle attack that affects the way cryptography is handled on secure websites. ROBOT, which stands for Return Of Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a secur

2 min Rapid7 Perspective

Standing with Massachusetts technology leaders in support of net neutrality

On Monday, Rapid7 will host Senator Edward J. Markey and a group of technology and business leaders from across Massachusetts as we stand in support of net neutrality. Together, we’ll affirm our commitment to a free and open internet that promotes growth and innovation and gives all users broad access to internet content. At the heart of net neutrality is the principle that internet service providers must treat all content transmitted across the internet equally. In practice, this means that IS

4 min Rapid7 Perspective

5 Tips for a Cyber Holiday Season

Five tips on how to approach security this holiday season with family and friends

4 min Rapid7 Perspective

Giving thanks for security improvements

We see a lot of bad news in security: hacks, attacks, breaches, bad choices—tiny flaws that lead to significant failures. As part of a community that’s naturally wary of wins, it can be a battle to remember how much progress we’ve made as an industry, and how exponentially that progress scales across a user population of billions. In the spirit of Thanksgiving, I asked a group of Rapid7 leaders and experts to name security improvements that have made computing safer over the years—for users, pra

5 min NCSAM

NCSAM Security Crash Diet, Week 2: Social and Travel

Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet' for National Cyber Security Awareness Month. This week focused on social sharing and travel security.

4 min Rapid7 Perspective

Help! What’s going on?

Last month, we announced that we are evolving our community site, and we started directing our customers to two new resources: the Rapid7 blog [/] and the Help site [https://help.rapid7.com/]. We’ve heard that people like the new look and feel, but there has been some confusion and concern about the status of the forums. We want to thank everyone who has taken the time to provide feedback, and we also want to apologize for any inconvenience we may have caused while we’re in transition. This pos

3 min NCSAM

NCSAM: A Personal Security Crash Diet

We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement [https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

7 min Rapid7 Perspective

2017 Cybersecurity Horoscopes

What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year. Sage Corey Thomas, Rapid7 Gazing into the future of 2017, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further from disparate, point-solutions that solve just one problem to solutions that can be leveraged through

4 min Rapid7 Perspective

Why Security Assessments are Often not a True Reflection of Reality

Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard these terms before. They're clever phrases that highlight how the wrong people are often in charge of things. It's convenient to think that the wrong people are running the show elsewhere, but have you taken the time to reflect inward and determine how this very dilemma might be affecting your organization? I see this happening all the time in terms of security assessments. In organizations both large and small, I se

4 min IoT

On the Recent DSL Modem Vulnerabilities

by Tod Beardsley [https://twitter.com/todb] and Bob Rudis [https://twitter.com/hrbrmstr] What's Going On? Early in November, a vulnerability was disclosed affecting Zyxel DSL modems, which are rebranded and distributed to many DSL broadband customers across Europe. Approximately 19 days later, this vulnerability was leveraged in widespread attacks across the Internet, apparently connected with a new round of Mirai botnet activity. If you are a DSL broadband customer, you can check to see if yo

4 min Career Development

Opportunity Now Means Success Later: Q&A with Rapid7 Sales

This post is a Q&A with John O'Donnell, Director of Sales at Rapid7. For more information about career opportunities with Rapid7, visit https://www.rapid7.com/company/careers.jsp. Q: What separates Rapid7 from other security or software companies in the area? A: The diversity we have here separates us from the competition. Our teams are created by integrating people from all walks of life and then submerging them in the ever-changing and exciting cybersecurity industry. The belief is that you

6 min Rapid7 Perspective

Conflicting perspectives on the TLS 1.3 Draft

In the security industry, as in much of life, a problem we often face is that of balance. We are challenged with finding the balance between an organization's operational needs and the level of security that can be implemented. In many situations an acceptable, if less than optimal, solution can be found, but there are cases where this balance cannot be achieved. I recently saw a case of this [https://www.ietf.org/mail-archive/web/tls/current/msg21275.html] on the mailing list of the IETF TLS Wo