Posts tagged Vulnerability Management

7 min Vulnerability Management

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem.

5 min Vulnerability Management

How to Strategically Scale Vendor Management and Supply Chain Security

Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.

5 min Vulnerability Management

What's New in InsightVM and Nexpose: Q1 2022 in Review

The product updates our vulnerability management (VM) team has made to InsightVM and Nexpose in the last quarter will empower you to stay in charge — not the vulnerabilities.

11 min Vulnerability Management

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

5 min Ransomware

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2

In our second blog in this two-part series, Datto Inc. CISO Ryan Weeks outlines the third and fourth fallacies that perpetuate ransomware risk for SMBs.

4 min Research

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.

5 min Ransomware

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1

In this two-part blog series, we will present four common mistakes SMBs make when thinking about ransomware risk.

4 min Vulnerability Management

The VM Lifecycle: How We Got Here, and Where We’re Going

In this post, we explore the concept of a vulnerability management lifecycle, providing practical guidance and definitions.

6 min Vulnerability Management

InsightVM Scanning: Demystifying SSH Credential Elevation

In this post, we look at the different ways SSH credentials can be elevated for scanning in InsightVM.

3 min Vulnerability Management

An Inside Look at CISA’s Supply Chain Task Force

In this guest post, Rapid7 customer Chad Kliewer writes about his experience on CISA's new task force created to enhance supply chain resilience.

8 min Vulnerability Management

Patch Tuesday - March 2022

March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.

3 min Vulnerability Management

InsightVM Scan Engine: Understanding MAC Address Discovery

When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection.

5 min Vulnerability Management

What's New in InsightVM and Nexpose: Q4 2021 in Review

As we enter into the new year, we wanted to provide a recap of product releases and features in InsightVM and Nexpose for Q4 2021.

6 min Log4Shell

Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal

On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.

14 min Research

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.