Category Archives: Rapid7

Microsoft Patch Tuesday, October 2022 Edition

Posted on by

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server. Continue reading Microsoft Patch Tuesday, October 2022 Edition

Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)

Posted on by

A still unpatched vulnerability (CVE-2022-41352) in Zimbra Collaboration is being exploited by attackers to achieve remote code execution on vulnerable servers. About the vulnerability Zimbra Collaboration (formerly Zimbra Collaboration Suite) is cloud… Continue reading Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)

Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)

Posted on by

QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability the attackers are exploiting (CVE-2022-27593). About CVE-2022-27593 CVE-2022-27… Continue reading Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)

Why it’s past time we operationalized cybersecurity

Posted on by

Enterprises are investing more in cybersecurity than ever before, but we’re also seeing a record number of breaches. More than 5.1 billion pieces of personal information were reported stolen last year, and the average cost of a breach has climbed to $4… Continue reading Why it’s past time we operationalized cybersecurity

Black Hat USA 2022 video walkthrough

Posted on by

In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris… Continue reading Black Hat USA 2022 video walkthrough

Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks

Posted on by

A coalition of cybersecurity and technology leaders announced an open-source effort to break down data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project, revealed at Black Hat USA 2022, will help organizations det… Continue reading Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks

Microsoft Patch Tuesday, August 2022 Edition

Posted on by

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections. Continue reading Microsoft Patch Tuesday, August 2022 Edition

Infosec products of the month: July 2022

Posted on by

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Aqua Security, Cato Networks, CertiK, CoSoSys, CyberArk, Darktrace, Deloitte, EnGenius, Flashpoint, Fusion Risk Management, G-Core Labs, Kingston Digi… Continue reading Infosec products of the month: July 2022