6 min
Attack Surface Security
Cyber Asset Attack Surface Management 101
CAASM is intended to be an authoritative source of asset information complete with ownership, network, and business context for IT and security teams.
5 min
Metasploit
Metasploit Weekly Wrap-Up
Metasploit T-Shirt Design Contest
In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition
t-shirts - and we're inviting members of our community to have a hand in their
creation. The contest winner will have their design featured on the shirts,
which will then be available to pick up at Black Hat 2023.
We will be accepting submissions from now through June 30! Contest details,
design guidelines, and submission instructions here
[https://docs.google.com/forms/d/e/1FAIpQLSeWU
3 min
Emergent Threat Response
CVE-2023-34362: MOVEit Vulnerability Timeline of Events
Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.
10 min
Vulnerability Management
Patch Tuesday - June 2023
No zero-day vulns this month. PGM & .NET/Visual Studio critical RCEs. SharePoint EoP. Exchange RCEs.
2 min
Emergent Threat Response
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability
Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.
3 min
Metasploit
Metasploit Weekly Wrap-Up
MOVEit
It has been a busy few weeks in the security space; the MOVEit
[https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/?utm_campaign=sm-blog&utm_source=twitter&utm_medium=organic-social]
vulnerability filling our news feeds with dancing lemurs and a Barracuda
[https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/?utm_campaign=sm-ETR&utm_source=twitter,linkedin&utm_me
6 min
Application Security
OWASP TOP 10 API Security Risks: 2023!
The OWASP Top 10 API Security Risks is a list of the highest-priority API-based threats in 2023. In this blog, we detail each item on the list.
3 min
Cloud Security
Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec
We are pleased to introduce our next advancement of identity-related risk management and remediation in Rapid7's InsightCloudSec: Identity Analysis.
3 min
Emergent Threat Response
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.
10 min
Velociraptor
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.
4 min
Metasploit
Metasploit Weekly Wrap-Up
Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more
5 min
Detection and Response
This is Ceti Alpha Five!
In this blog, we explore how Star Trek II: The Wrath of Khan demonstrates the very best and worst of cybersecurity in the 23rd Century.
2 min
Metasploit
Metasploit Weekly Wrap-Up
Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module
8 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
4 min
Rapid7 Culture
Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive
Devin Poulter is a Sales Director with over 20 years of experience in the tech industry. Recently, we spoke with him about building a career in tech sales.