Posts tagged Vulnerability Management

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 2

In our second blog in this two-part series, Datto Inc. CISO Ryan Weeks outlines the third and fourth fallacies that perpetuate ransomware risk for SMBs.

4 min Research

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.

5 min Ransomware

4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1

In this two-part blog series, we will present four common mistakes SMBs make when thinking about ransomware risk.

4 min Vulnerability Management

The VM Lifecycle: How We Got Here, and Where We’re Going

In this post, we explore the concept of a vulnerability management lifecycle, providing practical guidance and definitions.

6 min Vulnerability Management

InsightVM Scanning: Demystifying SSH Credential Elevation

In this post, we look at the different ways SSH credentials can be elevated for scanning in InsightVM.

8 min Vulnerability Management

Patch Tuesday - March 2022

March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.

3 min Vulnerability Management

InsightVM Scan Engine: Understanding MAC Address Discovery

When scanning an asset, one key piece of data that the InsightVM Scan Engine collects is the MAC address of the network interface used during the connection.

5 min Vulnerability Management

What's New in InsightVM and Nexpose: Q4 2021 in Review

As we enter into the new year, we wanted to provide a recap of product releases and features in InsightVM and Nexpose for Q4 2021.

6 min Log4Shell

Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal

On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.

14 min Research

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.

6 min Vulnerability Management

Patch Tuesday - February 2022

February 2022's fixes from Microsoft are relatively light as far as Patch Tuesdays go.

10 min Patch Tuesday

Patch Tuesday - January 2022

The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947 [https://msrc.microsoft.com/update-

6 min Log4Shell

Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale

Where do you begin to respond to a critical vulnerability like the one in Apache’s Log4j Java library (a.k.a. Log4Shell)? Start with these 5 concepts.

7 min Vulnerability Management

Patch Tuesday - December 2021

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228.

8 min InsightVM

Using InsightVM to Find Apache Log4j CVE-2021-44228

How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.