Rapid7 Blog

December 4, 2024

"Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social..." Read the blog here.

December 3, 2024

"As organizations increasingly rely on AWS for scalability and innovation, the complexity of securing these environments grows. AWS offers a robust set of native services and a comprehensive ecosystem, but managing security signals and responding to..." Read the blog here.

December 2, 2024

"The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing ChatGPT to execute reconnaissance..." Read the blog here.

November 18, 2024

"In today’s complex threat landscape, organizations need every advantage at their disposal to stay secure–starting with maximizing the tools they already have within their ecosystem. With the launch of Rapid7 MXDR’s SOC support for key Microsoft..." Read the blog here.

November 8, 2024

"Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management (TVM), you have asked your IT department for an assessment of the asset inventory in your organization..." Read the blog here.

November 4, 2024

With 2024 rapidly coming to a close, many of us here at Rapid7 are taking a step back, reflecting upon the successes and learnings of the last 12 months, and looking ahead to the challenges and opportunities we could jointly face in the year..." Read the blog here.

October 17, 2024

" In this post, we’ll delve into the process of discovering assets. We cannot secure what we cannot see so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset..." Read the blog here.

September 22, 2024

"Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital infrastructure..." Read the blog here.

September 19, 2024

"Rapid7 is warning customers about several high-risk vulnerabilities in common enterprise technologies that are attractive potential attack targets for both state-sponsored and financially motivated adversaries. We are advising customers to prioritize..." Read the blog here.

August 22, 2024

"As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news..." Read the blog here.

August 12, 2024

"On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed..." Read the blog here.

August 8, 2024

"Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny and new AI products. However..." Read the blog here.

August 6, 2024

"Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable..." Read the blog here.

August 5, 2024

"As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of categories, but rather..." Read the blog here.

August 5, 2024

"Security and IT teams are experiencing a significant shift in operations as they become more distributed. Development and procurement processes have decentralized, and sensitive data now extends far beyond the network edge. This expansion..." Read the blog now.

July 24, 2024

"Rapid7 has recently observed an campaign targeting users searching for W2 forms using the Microsoft search engine Bing. Users are subsequently directed to a fake IRS website, enticing them to download their W2 form that ultimately..." Read the blog here.

June 27, 2024

"On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the suspicious behavior was emanating from the installation of Notezilla, a program that allows for the creation of sticky notes on a Windows desktop..." Read the blog here.

June 17, 2024

"Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams. The installers were being used to drop a backdoor identified as..." Read the blog here.

June 11, 2024

"Velociraptor is a robust  open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool  allows incident responders to effortlessly..." Read the blog here.

May 21, 2024

"Today, during our Take Command Summit, we released our 2024 Attack Intelligence Report, which pulls in expertise from our researchers, our detection and response teams, and threat intelligence teams..." Read Rapid7's Blog Here.

May 16, 2024

"Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains..." Read Rapid7's Blog Here.

May 16, 2024

"Organizations looking to address the skills gap and bring greater efficiency as their business grows and their attack surface sprawls are turning to MDR providers at an accelerated pace..." Read Rapid7's Blog Here.

May 16, 2024

"In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges that demand a robust management strategy..." Read Rapid7's Blog Here.

May 09, 2024

"Ransomware has evolved from opportunistic attacks to highly orchestrated campaigns driven by cyber criminals who are seeking high financial gains..." Read Rapid7's Blog Here.

May 08, 2024

"Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial wage gaps in Greater Boston..." Read Rapid7's Blog Here.

April 19, 2024

"Cybercrime has boomed to the third largest economy in the world behind the US and China (Cybernews), with much of the most nefarious behavior on the dark web..." Read Rapid7's Blog Here.

March 14, 2024

"At the 2024 Women Who Code She Rocks Awards, Rapid7 Software Engineer II Ciara Cullinan was recognized with their ‘Community Trailblazer’ award..." Read Rapid7's Blog Here.

March 07, 2024

"Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air..." Read Rapid7's Blog Here.

January 24, 2024

"Cyber risk is increasing both in volume and velocity. Given the landscape of threats, weaknesses, vulnerabilities, and misconfigurations, organizations, teams and vulnerability analysts alike need of better prioritization mechanisms..." Read Rapid7's Blog Here.

November 30, 2023

"It takes an average of 204 days for organizations to discover a breach, and from there an average of 73 days to contain it. With the average cost of a breach at an all time high of $4.45 million (IBM’s Cost of a Data Breach Report 2023), there’s an undeniable need for teams to enlist the right experts to quickly eradicate threats..." Read Rapid7's Blog Here.

November 29, 2023

"Digital transformation has created immense opportunity to generate new revenue streams, better engage with customers and drive operational efficiency..." Read Rapid7's Blog Here.

November 21, 2023

"It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners..." Read Rapid7's Blog Here.

November 16, 2023

"The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage..." Read Rapid7's Blog Here.

October 06, 2023

"This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques..." Read Rapid7's Blog Here.

September 29, 2023

"Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint..." Read Rapid7's Blog Here.

September 29, 2023

"A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more..." Read Rapid7's Blog Here.

September 20, 2023

"This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management vendors, represented Rapid7's inclusion in the Wave report for vulnerability management..." Read Rapid7's Blog Here.

September 20, 2023

"Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary scale..." Read Rapid7's Blog Here

August 23, 2023

"When it comes to security vendor consolidation, Gartner found that 57% of organizations are working with fewer than ten security vendors, utilizing consolidation to cut costs and improve their overall security posture..." Read Rapid7's Blog Here.

August 22, 2023

"Ransomware-as-a-Service, or RaaS, has taken the threat landscape by storm — so much so that in 2023, the White House re-classified ransomware as a national security threat..." Read Rapid7's Blog Here.

August 01, 2023

"SecOps metrics can be a gold mine of potential for informing better business decisions, but 78% of CEOs say they don’t have adequate data on risk exposure to make good decisions. Even when they do see the right data, 82% are inclined to “trust their gut” anyway..." Read Rapid7's Blog Here.

July 06, 2023

"I've worked in cybersecurity for over two decades, so I've seen plenty of platforms come and go—some even crash and burn. But Rapid7, specifically InsightIDR, has consistently performed above expectations..." Read Rapid7's Blog Here.

June 28, 2023

"Central to our mission at Rapid7 is building long-term relationships with partners who deliver valuable security solutions to customers. As customers increasingly seek managed services to meet their security needs, we've eagerly expanded our partner ecosystem to support a rapidly growing body of Managed Security Service Provider (MSSP) partners..." Read Rapid7's Blog Here.

June 21, 2023

"It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management (CAASM) has received so much attention from security practitioners and leaders..." Read Rapid7's Blog Here.

May 18, 2023

"Rapid7 recognized as one of the top 13 vendors as a strong performer by the Forrester WaveTM for MDR, in Q2 2023..." Read Rapid7's Blog Here.

March 29, 2023

"Part 3: Confronting Security Fears to Control Cyber Risk Webinar..." Read Rapid7's Blog Here.

March 15, 2023

"The number one threat to cloud security is misconfiguration of resources, and frankly, it's not hard to understand why. The cloud is getting bigger, more tangled, and flat-out more unmanageable by the day..." Read Rapid7's Blog Here.

March 15, 2023

"Security teams must continuously contort their efforts to effectively respond to the growing volume of cyberthreats. These constantly shifting methods in the security operations center (SOC) can be difficult to manage in the face of emerging external threats—it can be like keeping multiple spinning plates in the air at once..." Read Rapid7's Blog Here.

March 14, 2023

"The healthcare industry is undergoing a transformational shift. Health organizations are traditionally entrenched in an on-prem way of life, but the past three years have plunged them into a digital revolution. A heightened demand for improved healthcare services—like distributed care and telehealth—ignited a major push for health orgs to move to the cloud, and as a result, implement new cloud security strategies..." Read Rapid7's Blog Here.

March 14, 2023

"In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact..." Read Rapid7's Blog Here.

March 08, 2023

"The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range of security concerns..." Read Rapid7's Blog Here.

February 28, 2023

"In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives enhance their cyber mission and vision statements to create a positive cybersecurity culture that permeates the business..." Read Rapid7's Blog Here.

February 22, 2023

"Security teams manage an average of 76 different tools. Breaches have gone from “s#&@!” to “inevitable.” That’s why we built Managed Threat Complete to address the reality of today’s threat environment. By 2025, Gartner says 50% of organizations will decide to partner with an MDR (Managed Detection and Response) service for 24x7 monitoring..." Read Rapid7's Blog Here.

February 16, 2023

"President Biden has announced his intent to appoint a group of highly qualified and diverse industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the President’s National Security Telecommunications Advisory Committee (NSTAC)..." Read Rapid7's Blog Here.

January 26, 2023

"Rapid7’s partner SCADAfence recently commissioned a survey of 3500 OT professionals. Among the findings, nearly 80% of respondents believe that human error presents the greatest risk for compromise to operational technology (OT) control systems..." Read Rapid7's Blog Here.

January 24, 2023

We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners..." Read Rapid7's Blog Here.

January 24, 2023

"We are happy to announce that Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating States, Local Governments, and Educational (SLED) institutions..." Read Rapid7's Blog Here.