All Posts

3 min Threat Intel

Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study

Security decision-makers are more concerned about external attacks than any other attack vector, according to the new Forrester Consulting study commissioned by Rapid7.

4 min Consulting Services

Build Security Muscle Memory With Tabletop Exercises

What scrimmages were to football, tabletop exercises (TTX) are to incident response, business continuity, disaster recovery, vulnerability management, and other critical components of your organization’s security program.

3 min Automated Remediation

Three Steps for Ramping Up to Fully Automated Remediation

Implementing automated remediation doesn't happen overnight—it takes time and a good roadmap. This article offers an incremental crawl, walk, run approach.

11 min Vulnerability Management

Patch Tuesday - March 2023

Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.

4 min Vulnerability Disclosure

Microsoft Defender for Cloud Management Port Exposure Confusion

Microsoft Defender for Cloud, until recently, didn't distinguish "" as a synonym for "any" when checking for management port exposures for Azure instances.

2 min Cybersecurity

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two

Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt in times of great stress and impact.

5 min Healthcare

Cloud Security Strategies for Healthcare

The healthcare industry must innovate in the cloud to meet patient needs, but organizations need to do so without creating unnecessary or unmanaged risk.

4 min Metasploit

Metasploit Weekly Wrap-Up

Wowza, a new credential gatherer and login scanner! This week Metasploit Framework gained a credential gatherer for Wowza Streaming Engine Manager. Credentials for this application are stored in a file named admin.password in a known location and the file is readable by default by BUILTIN\Users on Windows and is world readable on Linux.. The module was written by community contributor bcoles [] who also wrote a login scanner for Wowza this week. The login scanner can b

1 min Detection and Response

[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon

Jeffrey Gardner, D&R Practice Advisor and Stephen Davis, Lead D&R Sales Technical Advisor, discuss consolidation benefits and potential "gotchas".

4 min Cloud Security

What Tech Companies Should Look For in Cloud Security

Learn from Temporal Technologies's Brandon Sherman and Ancestry's Tony Black about how today's tech's security teams can tackle cloudsec challenges.

4 min Vulnerability Management

Vulnerability Management vs. Vulnerability Assessment

Vulnerability assessment (VA) and vulnerability management (VM) are two of the best ways to protect your enterprise against threats, but these terms are often used incorrectly

3 min Metasploit

Metasploit Weekly Wrap-Up

2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report [] this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help security teams understand and prioritize risk more effectively. Put simply, secur

4 min InsightCloudSec

New InsightCloudSec Compliance Pack: Key Takeaways From the Azure Security Benchmark V3

In this article, we look at the new Azure Security Benchmark V3 and identify some of the controls that we view as particularly impactful.

4 min Emergent Threat Response

Active Exploitation of ZK Framework CVE-2022-36537

Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.

2 min Cybersecurity

Executive Webinar: Confronting Security Fears to Control Cyber Risk

Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives create a positive cybersecurity culture.