Posts tagged Research

3 min Application Security

Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec

InsightAppSec's new application discovery feature, powered by Rapid7's Project Sonar, helps security teams know what apps are exposed to the internet.
21 min Vulnerability Disclosure

Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software

Rapid7 discovered vulnerabilities and non-security issues affecting Cisco ASA, ASDM, and FirePOWER Services Software for ASA.
5 min Vulnerability Disclosure

CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE

The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.
4 min Events

What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022

​Here's a sneak peek of what we have planned from August 9-12 at the all-star lineup of cybersecurity sessions in Las Vegas, including Black Hat 2022.
9 min Vulnerability Disclosure

QNAP Poisoned XML Command Injection (Silently Patched)

In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what make be an entirely new vulnerability.
8 min Vulnerability Disclosure

Primary Arms PII Disclosure via IDOR (FIXED)

Primary Arms, a popular e-commerce site dealing in firearms and related merchandise, suffers from an insecure direct object reference (IDOR) vulnerability.
3 min Ransomware

To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved

Our research shows the "market share" of ransomware groups and how much they focused on different types of data.

2 min Detection and Response

Today’s SOC Strategies Will Soon Be Inadequate

New research sponsored by Rapid7 explores the momentum behind SOC modernization and the role extended detection and response (XDR) plays.

3 min Ransomware

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.
3 min Ransomware

For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma

When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.
5 min Vulnerability Disclosure

CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.
4 min Vulnerability Disclosure

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can red arbitrary system files due to an argument injection vulnerability.
4 min Ransomware

New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers

"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.
3 min Ransomware

Complimentary GartnerⓇ Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition

The complimentary GartnerⓇ report “How to Respond to the 2022 Cyberthreat Landscape"will help you understand and defend against the ransomware threat.
3 min Vulnerability Disclosure

CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)

With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.

Popular Topics

Tags