2 min
Research
25 Years of Nmap: Happy Scan-iversary!
On September 1, 1997, the open-source security scanner Nmap was released. Our Director of Research Tod Beardsley reflects on the 25th anniversary.
4 min
Research
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Here's a look at two Rapid7 researchers' presentations from Black Hat 2022, and how their efforts are helping push open-source security forward.
3 min
App Protection
Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec
InsightAppSec's new application discovery feature, powered by Rapid7's Project Sonar, helps security teams know what apps are exposed to the internet.
21 min
Vulnerability Disclosure
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and non-security issues affecting Cisco ASA, ASDM, and FirePOWER Services Software for ASA.
5 min
Vulnerability Disclosure
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
The VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.
4 min
Events
What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022
Here's a sneak peek of what we have planned from August 9-12 at the all-star lineup of cybersecurity sessions in Las Vegas, including Black Hat 2022.
9 min
Vulnerability Disclosure
QNAP Poisoned XML Command Injection (Silently Patched)
In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what may be an entirely new vulnerability.
8 min
Vulnerability Disclosure
Primary Arms PII Disclosure via IDOR (FIXED)
Primary Arms, a popular e-commerce site dealing in firearms and related merchandise, suffers from an insecure direct object reference (IDOR) vulnerability.
3 min
Ransomware
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
Our research shows the "market share" of ransomware groups and how much they focused on different types of data.
2 min
Research
Today’s SOC Strategies Will Soon Be Inadequate
New research sponsored by Rapid7 explores the momentum behind SOC modernization and the role extended detection and response (XDR) plays.
3 min
Ransomware
For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus
We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.
3 min
Ransomware
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.
5 min
Vulnerability Disclosure
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.
4 min
Vulnerability Disclosure
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.
4 min
Ransomware
New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers
"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.