3 min
Rapid7 Culture
A Customer Success Manager’s Journey to Cybersecurity
Blake Walters joined Rapid7 ready to roll up his sleeves and learn about an entirely new field—cybersecurity.
10 min
Research
Rapid7 Observes Use of Microsoft OneNote to Spread Redline Infostealer and Qakbot Malware
Recently, Rapid7 observed malicious actors using OneNote files to deliver malicious code. This post details our findings.
3 min
Threat Intel
Threat Intelligence: 2022 Year in Review
As we forge into 2023, Rapid7 Threat Intelligence remains laser-focused and committed to addressing the critical needs of security teams.
13 min
Metasploit
Metasploit Framework 6.3 Released
Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/27/23
Cacti Unauthenticated Command Injection
Thanks to community contributor Erik Wynter ,
Metasploit Framework now has an exploit module
for an
unauthenticated command injection vulnerability in the Cacti network-monitoring
software. The vulnerability is due to a proc_open() call that accepts
unsanitized user input in remote_agent.php. Provided that the target server has
data that's tied to the POLLER_ACTION_S
3 min
Detection and Response
The High Cost of Human Error In OT Systems
Nearly 80% of respondents to a recent SCADAfence survey said human error presents the greatest risk to OT control systems.
3 min
Detection and Response
3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response: Gartner® Report
In an ongoing effort to help security organizations gain greater visibility into risk, we’re pleased to offer this complimentary Gartner® report, 3 Ways to Apply a Risk-Based Approach to Threat Detection, Investigation, and Response.
1 min
Government
Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint
Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating SLED institutions.
1 min
Government
Rapid7 Added to Carahsoft GSA Schedule Contract
We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 1/20/23
See something say something
Have an idea on how to expand on Metasploit Documentation on
https://docs.metasploit.com/? Did you see a typo or some other error on the docs
site? Thanks to adfoster-r7 , submitting an
update to the documentation is as easy as clicking the 'Edit this page on
GitHub' link on the page you want to change. The new link will take you directly
to the source in Metasploit's GitHub so you can quickly locate the Markdown
1 min
Emergent Threat Response
Exploitation of Control Web Panel CVE-2022-44877
Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.
7 min
Emergent Threat Response
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.
4 min
Cloud Security
Grocery Delivery Apps: Trading Convenience for Credentials
Adoption of food apps has been incredibly fast and they are now a ubiquitous part of everyday culture. However, the tradeoff for that convenience is risk.
2 min
InsightIDR
What’s New in InsightIDR: Q4 2022 in Review
Our InsightIDR 2022 Q4 recap post offers a closer look at the recent investments and releases Rapid7 made over the past quarter.
3 min
Gartner
Gartner® Report: Questions to Ask When Selecting an MDR Provider
In an ongoing effort to help security organizations thoughtfully consider potential providers, we’re pleased to offer this complimentary Gartner® report, Quick Answer: What Key Questions Should I Ask When Selecting an MDR Provider?