Rapid7 Blog

4 min Penetration Testing

Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access

This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization.

2 min Penetration Testing

Details Matter: Pentesting a single device to guarantee security

Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network.

2 min Ransomware

Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.

The Ransomware Radar Report offers some startling insights into who ransomware threat actors are and how they’ve been operating in the first half of 2024.

4 min Exposure Command

Introducing the Rapid7 Command Platform

The introduction of the Rapid7 Command Platform - our unified threat exposure and detection and response platform.

5 min Exposure Command

Rapid7 Introduces Exposure Command to Eliminate the Security Visibility Gap

Exposure Command provides 360-degree visibility and enables security teams to pinpoint and extinguish your most critical risks.

2 min Metasploit

Metasploit Weekly Wrap-Up 08/02/2024

Metasploit goes to Hacker Summer Camp Next week, Metasploit will have demos at both Black Hat and DEF CON where the latest functionality from this year will be presented. The Black Hat demo will be on Thursday the 8th from 10:10 to 11:25 and the DEF CON demo will be on Saturday the 10th from 12:00 to 13:45. The highlights will include demonst

2 min InsightCloudSec

New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation

Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.

2 min Career Development

Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024

In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024.

2 min Reports

New Research: The Proliferation of Cellular in IoT

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.

4 min Emergent Threat Response

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

On July 29, Microsoft published threat intelligence on observed exploitation of CVE-2024-37085, an authentication bypass vulnerability in Broadcom VMware ESXi hypervisors that has been used in multiple ransomware campaigns.

1 min Artificial Intelligence

Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI

"Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.

2 min Metasploit

Metasploit Weekly Wrap-Up 07/26/2024

New module content (3) Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: #19304 contributed by heyder Path: gather/magento_xxe_cve_2024_34102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is

1 min Events

Key Takeaways From The Take Command Summit: Command Your Cloud

The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change.

6 min Vulnerability Disclosure

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).

4 min

From Top Dogs to Unified Pack

Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.

All Posts