Rapid7 is on a mission to drive the SecOps movement into the future, and we take that to heart with our holistic approach to security. Rapid7 has policies and procedures in place to keep our data, platform, and products secure, so that we can continue creating tools and services that keep our customers secure.
Rest assured: Rapid7’s approach to security is established on four core pillars essential to trust.
Availability
You have access to your data when you need it and our operational status is always up to date.
Have questions? We have answers.
Read What’s New on the Rapid7 Blog
Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
On Monday, December 9, multiple security firms began privately circulating
reports of in-the-wild exploitation targeting Cleo file transfer software. Late
the evening of December 9, security firm Huntress published a blog on active
exploitation of three different Cleo products (docs
[https://cleo-infoeng.s3.us-east-2.amazonaws.com/PDF/Harmony/5.8/Harmony_58_UserGuide_053123.pdf]
):
* Cleo VLTrader, a server-side solution for “mid-enterprise organizations”
* Cleo Harmony, which provides file t
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.
Rapid7 is trusted by over 11,000 customers
