8 min
Vulnerability Disclosure
Primary Arms PII Disclosure via IDOR (FIXED)
Primary Arms, a popular e-commerce site dealing in firearms and related merchandise, suffers from an insecure direct object reference (IDOR) vulnerability.
4 min
Cloud Security
Collaboration Drives Secure Cloud Innovation: Insights From AWS re:Inforce
Here's what experts had to say at AWS re:Inforce about how organizations can quickly and securely utilize new services from cloud service providers.
5 min
Cloud Security
Shift Left: Secure Your Innovation Pipeline
As shift left has become critical to cloud security, here's how organizations can implement best practices and technologies into their DevOps workflows.
4 min
Metasploit
Metasploit Weekly Wrap-Up: Jul. 29, 2022
Roxy-WI Unauthenticated RCE
This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend parameter is vulnerable to OS command injection. The result is reliable code execution within the context of the web application user.
Fewer Meterpreter Scripts
Community
2 min
Events
[VIDEO] An Inside Look at AWS re:Inforce 2022 From the Rapid7 Team
We asked three of our Rapid7 team members to answer a few questions and give us their experience from AWS re:Inforce 2022.
1 min
Lost Bots
[The Lost Bots] Season 2, Episode 2: The Worst and Best Hollywood Cybersecurity Depictions
In this episode, our hosts walk us through the most hilariously bad and surprisingly accurate depictions of cybersecurity in popular film and television.
5 min
Vulnerability Management
What’s New in InsightVM and Nexpose: Q2 2022 in Review
We made several investments to both InsightVM and Nexpose throughout Q2 2022 that will help teams improve and automate vulnerability management.
2 min
Emergent Threat Response
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Exploitation is underway of CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.
3 min
Ransomware
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
Our research shows the "market share" of ransomware groups and how much they focused on different types of data.
5 min
SOAR
5 SOAR Myths Debunked
As organizations increasingly use SOAR systems to keep up with their security operations challenges, here are 5 SOAR myths worth debunking.
3 min
AWS
Rapid7 at AWS re:Inforce: 2 Big Announcements
Here's a look at how Rapid7 is building on our existing partnership with Amazon Web Services to help organizations securely advance.
3 min
Vulnerability Disclosure
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
This advisory covers a number of issues identified in Velociraptor and fixed as of Version 0.6.5-2, released July 26, 2022.
2 min
Compliance
ISO 27002 Emphasizes Need For Threat Intelligence
Earlier this year, the International Organization for Standardization (ISO) released ISO 27002, which features a dedicated threat intelligence control.
3 min
AWS
What We’re Looking Forward to at AWS re:Inforce
Here's a sneak peek at some of the highlights to come this week at AWS re:Inforce and what we're looking forward to the most.
3 min
Metasploit
Metasploit Weekly Wrap-Up: 7/22/22
The past, present and future of Metasploit
Don't miss Spencer McIntyre's talk on Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's offensive security challenges and how important the partnership with the community is.
LDAP swiss army knife
This week,