6 min
CISOs
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
8 min
ICER Reports
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.
5 min
Patch Tuesday
Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to
the past few months this one feels a bit light both in severity and number of
vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this
month, less than half of the usual volume, with only 4 of them being scored as
critical. Let's dive into the details.
HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-
6 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
Complexity is the enemy to successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.
3 min
InsightVM
What’s New in InsightVM: Q1 2021 in Review
Here now is a rundown of new features and functionality launched in Q1 2021 for InsightVM and Insight Cloud. We hope you can begin to leverage these changes to drive success across your organization.
2 min
Emergent Threat Response
Codecov Discloses Supply Chain Compromise
On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.
2 min
Vulnerability Management
Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM
InsightVM’s Executive Summary Report has proved to be a powerful tool, and we’re excited to announce that it just got better.
9 min
Patch Tuesday
Patch Tuesday - April 2021
Patch Tuesday is here again and there are more Exchange updates to apply! A
total of 114 vulnerabilities were fixed this month with more than half of them
affecting all versions of Windows, with about half of them being remote code
execution bugs, and about a fifth of them being rated as critical by Microsoft.
Let's dive in!
New Exchange Server Patches Available
If you were only going to patch one thing today, please let it be this. Exchange
Server has been a hot topic since the vulnerabilities
3 min
Vulnerability Disclosure
CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)
Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.
2 min
Emergent Threat Response
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.
5 min
News
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."
2 min
Research
Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020
Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.
9 min
Vulnerability Management
Patch Tuesday - March 2021
Another Patch Tuesday (2021-Mar
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and
with this month comes a whopping 122 CVEs. As usual Windows tops the list of
the most patched product. However, this month it’s browser vulnerabilities
taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the
Exchange Server vulnerabilities this month are not to be ignored as more than
half of them have been seen exploited in the wild.
Vulnerability Breakdown by S
3 min
Cloud Security
How to Keep Up With Vulnerability Management Challenges in Ephemeral Cloud Environments
The modern perspective is that the cloud has made it much easier to have visibility of your attack surface and everything you’re working with.
4 min
Emergent Threat Response
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.