All Posts

6 min Ransomware

How Ransomware Is Changing US Federal Policy

The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective.

3 min Detection and Response

The Great Resignation: 4 Ways Cybersecurity Can Win

Cybersecurity has had a talent shortage for years. Here are four ideas about how to prepare for it and win.

2 min Metasploit

Metasploit Weekly Wrap-Up

while (j==shell); Log4j; The Log4j loop continues as we release a module targeting vulnerable vCenter releases. This is a good time to suggest that you check your vCenter releases and maybe even increase the protection surrounding them, as it’s been a rough year-plus for vCenter [https://attackerkb.com/search?q=vcenter&tags=exploitedInTheWild]. Let your shell do the walking: bcoles [https://github.com/bcoles

3 min Ransomware

Is the Internet of Things the Next Ransomware Target?

What would it take for IoT to be the target of ransomware? This post takes a closer look.

2 min Security Nation

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache’s Log4j logging library.

3 min Research

Open-Source Security: Getting to the Root of the Problem

The past few weeks have shown us the importance and wide reach of open-source security.

4 min Emergent Threat Response

Active Exploitation of VMware Horizon Servers

Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.

5 min 2022 Planning

2022 Planning: Metrics That Matter and Curtailing the Cobra Effect

Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.

3 min Metasploit Weekly Wrapup

Metasploit Weekly Wrap-Up

Five new modules, including exploits for Log4Shell and SonicWall SMA 100 series devices, plus a new Meterpreter command that allows users to kill all channels at once.

2 min Career Development

7Rapid Questions: Stephen Donnelly

For this installment of 7Rapid Questions, we spoke with Stephen Donnelly, Rapid7's Senior Engineering Manager for SOAR in our Belfast office.

5 min Hacky Holidays 2021

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.

4 min Managed Detection and Response

Evaluating MDR Vendors: A Pocket Buyer's Guide

Here are 4 big-picture questions to use as a quick-reference guide in the early stages of your MDR vendor selection journey.

6 min IoT

A Quick Look at CES 2022

The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.

3 min Application Security

A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell

We wanted to take a moment to recap some of InsightAppSec and tCell's Q4 highlights and give us all a little much-deserved break from the madness.

3 min Detection and Response

Demystifying XDR: How Humans and Machines Join Forces in Threat Response

Finding the right balance between machine learning and human know-how is an essential part of a successful XDR implementation.