Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study
Security decision-makers are more concerned about external attacks than any other attack vector, according to the new Forrester Consulting study commissioned by Rapid7.
Build Security Muscle Memory With Tabletop Exercises
What scrimmages were to football, tabletop exercises (TTX) are to incident response, business continuity, disaster recovery, vulnerability management, and other critical components of your organization’s security program.
Three Steps for Ramping Up to Fully Automated Remediation
Implementing automated remediation doesn't happen overnight—it takes time and a good roadmap. This article offers an incremental crawl, walk, run approach.
Patch Tuesday - March 2023
Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.
Microsoft Defender for Cloud Management Port Exposure Confusion
Microsoft Defender for Cloud, until recently, didn't distinguish "0.0.0.0/0" as a synonym for "any" when checking for management port exposures for Azure instances.
Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two
Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt in times of great stress and impact.
Cloud Security Strategies for Healthcare
The healthcare industry must innovate in the cloud to meet patient needs, but organizations need to do so without creating unnecessary or unmanaged risk.
Metasploit Weekly Wrap-Up
Wowza, a new credential gatherer and login scanner!
This week Metasploit Framework gained a credential gatherer for Wowza Streaming
Engine Manager. Credentials for this application are stored in a file named
admin.password in a known location and the file is readable by default by
BUILTIN\Users on Windows and is world readable on Linux.. The module was written
by community contributor bcoles [https://github.com/bcoles] who also wrote a
login scanner for Wowza this week. The login scanner can b
Detection and Response
[The Lost Bots] S03E01: Tech Stack Consolidation and Bacon
Jeffrey Gardner, D&R Practice Advisor and Stephen Davis, Lead D&R Sales Technical Advisor, discuss consolidation benefits and potential "gotchas".
What Tech Companies Should Look For in Cloud Security
Learn from Temporal Technologies's Brandon Sherman and Ancestry's Tony Black about how today's tech's security teams can tackle cloudsec challenges.
Vulnerability Management vs. Vulnerability Assessment
Vulnerability assessment (VA) and vulnerability management (VM) are two of the best ways to protect your enterprise against threats, but these terms are often used incorrectly
Metasploit Weekly Wrap-Up
2022 Vulnerability Intelligence Report Released
Rapid7’s broader vulnerability research team released our 2022 Vulnerability
this week. The report includes Metasploit and research team data on
exploitation, exploitability, and vulnerability profiles that are intended to
help security teams understand and prioritize risk more effectively. Put simply,
New InsightCloudSec Compliance Pack: Key Takeaways From the Azure Security Benchmark V3
In this article, we look at the new Azure Security Benchmark V3 and identify some of the controls that we view as particularly impactful.
Emergent Threat Response
Active Exploitation of ZK Framework CVE-2022-36537
Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.
Executive Webinar: Confronting Security Fears to Control Cyber Risk
Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives create a positive cybersecurity culture.