3 min
Penetration Testing
7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros
Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.
4 min
Threat Intel
How Cybercriminals Use Pinterest to Run Fraud Scams
There are a variety of scams hackers can run on Pinterest, but for this post, we’ll focus on fraud and financial scams.
4 min
Penetration Testing
Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon
Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.
5 min
Threat Intel
How to Automate Identifying and Take Down Malicious Social Media Profiles
Here is how Rapid7 has automated the process of identifying and taking down fake social media profiles to help companies proactively identify these scams.
5 min
Breach Preparedness
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks
[https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are
immune to phishing anymore; it’s on every security team’s mind and has become
the number one threat to organizations
[https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
1 min
Whiteboard Wednesday
Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps
There’s no silver bullet for protecting your organization from phishing
attacks [https://www.rapid7.com/solutions/phishing-protection/] today. The only
comprehensive approach leverages a combination of methods, many of which we’ve
covered in parts 1 [https://www.rapid7.com/resources/wbw-anti-phishing/] and 2
[https://www.rapid7.com/resources/wbw-phishing-protection/] of our three-part
phishing Whiteboard Wednesday series.
Phishing is a human problem, and part of the solution is to prop
3 min
InsightPhishing
Rapid7 InsightPhishing (Beta): Unified phishing simulation, investigation, and analysis
Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing,
and the beta program will end. Click here
[https://kb.help.rapid7.com/docs/insightphishing-end-of-program-announcement]
for more information.
Phishing attacks remain one of the top challenges for SecOps teams. Yes, we all
nod when we see the stats that get thrown around, like the ones below. But we
also know this because we’ve heard it directly from our customers. Rapid7 has a
long tradition of creating products an
2 min
Metasploit
Federal Friday - 6.13.14 - New Group, Same Story
Happy Friday, Federal friends! It's another lovely Fall day here in Beantown but
I hope each of you are enjoying your early Summer weather. Some exciting news as
Rapid7 was named one of the Top Places to Work by the Boston Business Journal
(#11 Mid-size company)!
I'm going to keep it short and sweet today considering this is a topic I've
covered before. Given the news stemming from a new CrowdStrike
[http://www.crowdstrike.com/sites/all/themes/crowdstrike2/css/imgs/platform/CrowdStrike_Global_T
2 min
Metasploit
Top 4 Takeaways from the "Live Bait: How to Prevent, Detect, and Respond to Phishing Emails" Webcast
In this week's webcast, Lital Asher-Dotan
[https://community.rapid7.com/people/lasherdotan] and ckirsch
[https://community.rapid7.com/people/ckirsch] tackled the hot topic, “Live Bait:
How to Prevent, Detect, and Respond to Phishing Emails”
[https://information.rapid7.com/prevent-detect-and-respond-to-phishing-emails.html?CS=blog].
Phishing has risen from #9 to #3 in the Verizon Data Breach Investigations
Report on the most common attack vectors. Phishing attacks are often successful
because i
1 min
Metasploit
Federal Friday - 5.30.14 - Social Engineering from the Middle East
Happy Friday, Federal friends. You can tell it's almost Summah up here because
it's been 50 and raining this week.
So an interesting piece of news from an article on DarkReading
[http://www.darkreading.com/attacks-breaches/iranian-cyberspies-pose-as-journalists-online-to-ensnare-their-targets/d/d-id/1269270]
this week regarding an ongoing campaign targeting government officials and
contractors of both the US and Israel. This is a mash-up of social engineering
techniques from phishing to social
2 min
Metasploit
Top 3 Takeaways from "7 Ways to Make Your Penetration Tests More Productive" Webcast
Earlier this week we heard from ckirsch
[https://community.rapid7.com/people/ckirsch], Senior Product Marketing Manager
for Metasploit at Rapid7, on the pressure penetration testers are facing. (Hint:
it's a lot!). With the increase in high profile breaches and their costs, more
and more emphasis is being put on the pen tester and security in general. Read
on if you'd like to get the top takeaways from this week's webcast so that you
aren't left in the dark about, "7 Ways to Make Your Penetratio
1 min
Hacking
Rapid7: Coming to a city near you
We're taking this show on the road. Literally.
This week our multi-city Rapid7 roadshow event, “Security at the Crossroads,”
kicked off in New York and Minneapolis. Industry experts and fellow
practitioners – including speakers from Forrester, Cardinal Innovations
Healthcare Solutions, Vertex Pharmaceuticals, Porter Airlines, and TriNet –
gathered to share security stories, strategies, and best practices.
There isn't enough room to share all the takeaways from these two events, but
here are
4 min
Social Engineering
Social Engineering: Would You Fall For This Phone Call?
Cyber criminals don't always need a keyboard to hack into your bank account or
company network. In fact, a lot of attacks start with a simple phone call.
Typically, the attackers are either trying to get information out of you or to
make you do something. This is a technique they call social engineering.
I've read a lot about social engineering over the years, since it's a personal
area of interest. It can be used by a bunch of different occupations, such as
FBI interrogators, con artists, sal
2 min
Events
Social-Engineer CTF Report Released
For the last five years, the team at Social-Engineer have been bringing one of
the most exciting events to DEF CON - the Social Engineering Capture the Flag.
The contest was designed to help bring awareness to the world about how
dangerous social engineering can be. In our 5th year, the competition was
fierce and the report is the best we have ever released.
This year a pool of 10 men and 10 women, from diverse backgrounds and experience
levels, tested their social engineering abilities again
1 min
Social Engineering
The Threat Within: RiskRater User Risk Report
Last week, we released the third of three reports from our RiskRater
[https://riskrater.rapid7.com/] research.
The first two reports focused on mobile devices
[http://www.rapid7.com/docs/mobile_aug_2013.pdf] and endpoint devices
[http://www.rapid7.com/docs/RiskRaterEndpointReport.pdf]. The latest report is
centered around the risks posed by the one thing that no organization can
operate without: Users.
With the amount of protections in place at the perimeter, attackers have shifted
much of the