Rapid7 – Page 13 – WindowsTechs.com

Decrypted: Chegg’s third time unlucky, Okta’s new CSO Rapid7 beefs up cloud security

Posted on May 4, 2020 by Zack Whittaker

Ransomware is getting sneakier and smarter. The latest example comes from ExecuPharm, a little-known but major outsourced pharmaceutical company that confirmed it was hit by a new type of ransomware last month. The incursion not only encrypted the company’s network and files, hackers also exfiltrated vast amounts of data from the network. The company was […] Continue reading Decrypted: Chegg’s third time unlucky, Okta’s new CSO Rapid7 beefs up cloud security→

Rapid7 to acquire DivvyCloud to help enterprises accelerate innovation

Posted on April 29, 2020 by Industry News

Rapid7, a leading provider of security analytics and automation, announced that it has entered into a definitive agreement to acquire DivvyCloud, a leader in Cloud Security Posture Management (CSPM). Under the terms of agreement, Rapid7 will acquire Di… Continue reading Rapid7 to acquire DivvyCloud to help enterprises accelerate innovation→

Rapid7 is acquiring DivvyCloud for $145M to beef up cloud security

Posted on April 28, 2020 by Ron Miller

Rapid7 announced today after the closing bell that it will be acquiring DivvyCloud, a cloud security and governance startup for $145 million in cash and stock. With Divvy, the company moves more deeply into the cloud, something that Lee Weiner, chief innovation officer says the company has been working towards, even before the pandemic pushed […] Continue reading Rapid7 is acquiring DivvyCloud for $145M to beef up cloud security→

In search of a B.S. filter for software bugs

Posted on April 15, 2020 by Sean Lyngaas

An organization can’t — and shouldn’t — care about each of the thousands of software vulnerabilities that are made public each year. A bug in a public-facing web browser probably won’t matter a lick for the control systems at an energy plant; an accounting firm can ignore a vulnerability in industrial computers it doesn’t use. Yet for some organizations, it’s an ongoing struggle to understand how a software bug might impact their business. On Wednesday, cybersecurity company Rapid7 took a stab at the issue by going public with a project that uses crowd-sourced feedback to rate vulnerabilities. The company invited security professionals of all stripes to use a web platform, known as Attacker Knowledge Base (KB), to assess the impact of a vulnerability to an organization, starting with a simple question: What could a malicious hacker do with the bug? The answers rate how easy it would be for a hacker to weaponize a vulnerability or what level of […]

The post In search of a B.S. filter for software bugs appeared first on CyberScoop.

Continue reading In search of a B.S. filter for software bugs→

Actively exploited MS Exchange flaw present on 80% of exposed servers

Posted on April 8, 2020 by Zeljka Zorz

Attackers looking to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don’t have to look hard to find a server they can attack: according to an internet-wide scan performed by Rapid7 researchers, th… Continue reading Actively exploited MS Exchange flaw present on 80% of exposed servers→

Photo gallery: Black Hat USA 2019, part two

Posted on August 8, 2019 by Help Net Security

Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo Technology, Akamai, Rapid7, Qualys, Irdeto.
The post Photo gallery: Black Hat USA 2019, part two a… Continue reading Photo gallery: Black Hat USA 2019, part two→

DHS warns of vulnerability that could be used to alter flight data in small planes

Posted on July 30, 2019 by Sean Lyngaas

An insecure networking standard could allow a hacker with physical access to a small aircraft to trick the plane’s equipment into giving false readings of critical flight data, according to a warning from the Department of Homeland Security. The vulnerability, discovered by cybersecurity company Rapid7, is in the implementation of CAN bus, a popular networking standard that allows communication between microcontrollers in planes, cars and other machinery. A hacker would need physical access to carry out the hypothetical attack, which involves attaching a device to the plane’s CAN bus to insert false data. Engine readings, altitude and airspeed are among the data that could be manipulated, according to Rapid7 researcher Patrick Kiley. Kiley said the aviation sector is lagging in securing CAN bus networks because of an apparent reliance on physical security. Because the assumption is that hackers won’t get physical access to airplanes, “the increased perceived physical security of […]

The post DHS warns of vulnerability that could be used to alter flight data in small planes appeared first on CyberScoop.

Continue reading DHS warns of vulnerability that could be used to alter flight data in small planes→

Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets

Posted on July 11, 2019 by Zeljka Zorz

We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been exploiting them to inject payment card skimming scripts into websites. The problem… Continue reading Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets→

Photos: Infosecurity Europe 2019 expo floor

Posted on June 6, 2019 by Help Net Security

Infosecurity Europe 2019 is taking place this week in London. Here’s a view of the expo floor, the featured vendors include: Qualys, Anomali, Wandera, Proofpoint, AlgoSec, Rapid7, Redscan, Splunk.
The post Photos: Infosecurity Europe 2019 expo fl… Continue reading Photos: Infosecurity Europe 2019 expo floor→

Election tech vendors say they’re securing their systems. Does anyone believe them?

Posted on April 24, 2019 by Greg Otto

The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition […]

The post Election tech vendors say they’re securing their systems. Does anyone believe them? appeared first on CyberScoop.

Continue reading Election tech vendors say they’re securing their systems. Does anyone believe them?→