2 min
Cloud Security
Reduce Risk and Regain Control with Cloud Risk Complete
Detect and manage risk across cloud environments, endpoints, on-premises infrastructure, and web applications, with Rapid7's Cloud Risk Complete.
5 min
Rapid7 Culture
Celebrating Women’s History Month at Rapid7
On March 8th, Rapid7 hosted an International Women's Day panel, which focused on equity, inclusion, and advocacy in the workplace.
7 min
Vulnerability Disclosure
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
Rapid7 has discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.
3 min
Emergent Threat Response
Rapid7-Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments.
5 min
Rapid7 Culture
Practice Operations Manager Looks Back On First Five Months With Rapid7
Elianna Sfez is a Threat Intelligence Practice Operations Manager at Rapid7. We sat down to chat about her new hire journey, company culture, and more.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 3/17/23
FortiNAC EITW Content Added
Whilst we did have a few cool new modules added this week, one particularly
interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that
was added in by team member Jack Heysel. This module exploits an unauthenticated
RCE in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through
9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0
through 8.5.4,
4 min
MITRE ATT&CK
MITRE ATT&CK® Mitigations
It's essential to implement robust security measures to protect your organization. One way to do this is to utilize the MITRE ATT&CK framework.
3 min
Threat Intel
Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study
Security decision-makers are more concerned about external attacks than any other attack vector, according to the new Forrester Consulting study commissioned by Rapid7.
4 min
Consulting Services
Build Security Muscle Memory With Tabletop Exercises
What scrimmages were to football, tabletop exercises (TTX) are to incident response, business continuity, disaster recovery, vulnerability management, and other critical components of your organization’s security program.
3 min
Automated Remediation
3 Steps for Ramping Up to Fully Automated Remediation
Implementing automated remediation doesn't happen overnight—it takes time and a good roadmap. This article offers an incremental crawl, walk, run approach.
11 min
Vulnerability Management
Patch Tuesday - March 2023
Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.
4 min
Vulnerability Disclosure
Microsoft Defender for Cloud Management Port Exposure Confusion
Microsoft Defender for Cloud, until recently, didn't distinguish "0.0.0.0/0" as a synonym for "any" when checking for management port exposures for Azure instances.
2 min
Cybersecurity
Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two
Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt in times of great stress and impact.
5 min
Healthcare Security
Cloud Security Strategies for Healthcare
The healthcare industry must innovate in the cloud to meet patient needs, but organizations need to do so without creating unnecessary or unmanaged risk.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Mar. 10, 2023
Wowza, a new credential gatherer and login scanner!
This week Metasploit Framework gained a credential gatherer for Wowza Streaming
Engine Manager. Credentials for this application are stored in a file named
admin.password in a known location and the file is readable by default by
BUILTIN\Users on Windows and is world readable on Linux. The module was written
by community contributor bcoles who also wrote a
login scanner for Wowza this week. The login scanner can b