Rapid7 Archives - Help Net Security

Rapid7

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

May 13, 2022

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …

Vulnerabilities and cyberattacks that marked the year 2021

April 4, 2022

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals …

Infosec products of the month: March 2022

April 4, 2022

Here’s a look at the most interesting products from the past month, featuring releases from: Actiphy, Anomali, AvePoint, Ciphertex Data Security, Contrast Security, …

New infosec products of the week: April 1, 2022

April 1, 2022

Here’s a look at the most interesting products from the past week, featuring releases from CRITICALSTART, MetricStream, Nebulon, Rapid7, SEON, and Veriff. Rapid7 introduces …

Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

Rapid7 introduces cloud workload protection in InsightCloudSec

March 30, 2022

Rapid7 announced new cloud workload protection capabilities for InsightCloudSec, the company’s fully-integrated cloud-native security platform (CNSP). These enhancements, …

It’s time to patch your SonicWall SMA 100 series appliances again!

December 9, 2021

SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although …

Lightspin adds four executive members to its Advisory Board and Board of Directors

November 10, 2021

Lightspin announced the addition of four strategic executive members to its advisory board and board of directors: Guarav Kumar, Srinath Kuruvadi, Steve Pugh, and Ron Zoran. …

deepwatch appoints two cybersecurity industry executives to Board of Advisors

October 8, 2021

deepwatch announced the appointment of two prominent cybersecurity industry executives to its newly formed board of advisors, which will provide support and guidance for …

Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

September 22, 2021

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be …

Vulnerabilities allow attackers to remotely deactivate home security system (CVE-2021-39276, CVE-2021-39277)

September 2, 2021

A DiY home security system sold to families and businesses across the US sports two vulnerabilities (CVE-2021-39276, CVE-2021-39277) that, while not critical, “are …

Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection

August 17, 2021

An unpatched vulnerability in the management interface for FortiWeb, Fortinet’s web application firewall, could allow a remote, authenticated attacker to execute …

Rapid7

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

Vulnerabilities and cyberattacks that marked the year 2021

Infosec products of the month: March 2022

New infosec products of the week: April 1, 2022

Spring4Shell: No need to panic, but mitigations are advised

Rapid7 introduces cloud workload protection in InsightCloudSec

It’s time to patch your SonicWall SMA 100 series appliances again!

Lightspin adds four executive members to its Advisory Board and Board of Directors

deepwatch appoints two cybersecurity industry executives to Board of Advisors

Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

Vulnerabilities allow attackers to remotely deactivate home security system (CVE-2021-39276, CVE-2021-39277)

Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection

Don't miss

Why are current cybersecurity incident response efforts failing?

Verizon 2022 DBIR: External attacks and ransomware reign

How to navigate GDPR complexity

Account pre-hijacking attacks possible on many online services

RansomHouse: Bug bounty hunters gone rogue?