5 min
Research
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview
On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.
2 min
Vulnerability Management
Patch Tuesday - April 2020
Global working-from-home routines haven't slowed down Microsoft and its ability
to help close up vulnerabilities in their products. This April Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr]
(WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's
not the highest we've seen, but it is still an impressive spread of fixes coming
in this month with a fair number resolving SharePoint and Office vulnerabilities
along with the
7 min
Microsoft
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.
6 min
Vulnerability Management
4 Common Goals For Vulnerability Risk Management Programs
This post will give you a glimpse into the research to pinpoint under-served and unmet customer needs in the vulnerability risk management space.
17 min
Vulnerability Disclosure
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.
5 min
Vulnerability Management
Reduce False Positive Vulnerabilities by Up To 22%
Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.
2 min
Vulnerability Management
Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.
2 min
Vulnerability Management
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).
5 min
Vulnerability Management
Redefining How to Measure the Success of Your Vulnerability Management Program
In this post, we’ll discuss which vulnerability risk management metrics matter and which ones don’t, and how to communicate them effectively.
4 min
Vulnerability Management
How to Understand the TCO and ROI of Your Vulnerability Management Program
In this blog, we discuss the total cost of ownership (TCO) compared to the potential return on investment (ROI) of your Vulnerability Management program.
3 min
Risk Management
CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis
Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.
2 min
Vulnerability Management
Patch Tuesday - March 2020
Let's start off talking about CVE-2020-0688
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688]
from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At
the time it was published February 11, 2020, the vulnerability had not seen
active exploitation. As of March 9, 2020, there were increasing reports of
activity
[https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/]
happening on unpatched Exchange
3 min
Vulnerability Management
How to Improve Vulnerability Patching Efficiency through Automation
In this blog, we discuss how automation can improve your security team's patching efficiency.
8 min
InsightVM
ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB
This is part two of our series covering the recently released InsightVM Integration for ServiceNow CMDB application available on the ServiceNow Platform.
4 min
InsightAppSec
InsightVM + InsightAppSec: A Love Story
Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.