4 min
Cybersecurity
Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings
To help fend off network compromise events and curb breach sales, we decided to analyze why and how criminals sell their network access.
5 min
Cybersecurity
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.
3 min
Cybersecurity
When One Door Opens, Keep It Open: A New Tool for Physical Security Testing
We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.
3 min
Incident Response
Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows
Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.
10 min
Cybersecurity
Reforming the UK’s Computer Misuse Act
The CMA is the UK’s anti-hacking law, and we've provided feedback on the issues we see with the legislation.
6 min
Patch Tuesday
Patch Tuesday - August 2021
Hot off the press, it’s another issue of the Patch Tuesday blog! While the
number of vulnerabilities is low this month, there are a number of high risk
items administrators will want to patch right away including a few that will
require additional remediation steps. This Patch Tuesday also includes updates
for three vulnerabilities that were publicly disclosed earlier this month. Let’s
jump in.
Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM
https://msrc.microsoft.com/
11 min
Public Policy
Hack Back Is Still Wack
The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.
3 min
Virtual Vegas
Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways
Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year.
8 min
Ransomware
Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever
Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.
3 min
Virtual Vegas
Black Hat 2021: Rapid7 Experts Share Key Day 1 Takeaways
OK, no big deal, we know how this goes. Once again, many of us are attending
Black Hat [https://www.blackhat.com/us-21/] in a virtual capacity as COVID-19
meanders its way out of our lives. The good news is that there’s an actual live
component again this year in Las Vegas, and that’s progress. Here’s hoping that
next year the pandemic will be more firmly in the rearview and any remaining
travel trepidation will be a “2021 thing.”
So flip the on-switch to some neon lights if you got ‘em, and l
7 min
Ransomware
The Ransomware Task Force: A New Approach to Fighting Ransomware
The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.
4 min
Metasploit
Metasploit Wrap-Up
Now I Control Your Resource Planning Servers
Sage X3 is a resource planning product designed by Sage Group which is designed
to help established businesses plan out their business operations. But what if
you wanted to do more than just manage resources? What if you wanted to hijack
the resource server itself? Well wait no more, as thanks to the work of Aaron
Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson
[https://www.linkedin.com/in/jonathan-p-004b76a1/], Will
3 min
Detection and Response
Accelerating SecOps and Emergent Threat Response with the Insight Platform
Efficiency and streamlined operations are two areas where our team will continue to focus efforts in order to deliver value across Rapid7’s growing best-in-class portfolio, while enabling cross capability experiences that improve security team effectiveness.
3 min
InsightVM
What’s New in InsightVM: Q2 2021 in Review
Here is a rundown of new features and functionality launched in Q2 2021 for InsightVM and the Insight Platform.
9 min
Vulnerability Management
Patch Tuesday - July 2021
Microsoft has patched another 117 CVEs
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul], returning to
volumes seen in early 2021 and most of 2020. It would appear that the recent
trend of approximately 50 vulnerability fixes per month was not indicative of a
slowing pace. This month there were 13 vulnerabilities rated Critical with
nearly the rest being rated Important. Thankfully, none of the updates published
today require additional steps to remediate, so administrators should b