Rapid7

Spoofing (noun) /spōōfiNG/: A lot like deking, according to Ray Bourque. 🥸 When a threat actor disguises their messaging to look like a trusted, authorized source, it really can be as simple as “watching their hips” to shut 'em down – for good. Take command with Rapid7: r-7.co/41rljRh | Boston Bruins

All over the globe, Rapid7 employees have been busy enjoying the holiday season! 🧡 We're already looking forward to what 2025 has in store. #Rapid7Life

👇 A quick glimpse into what caught the eyes of Rapid7 Labs in 2024. 👀 A full round-up of statistics and trends, spanning ransomware, initial access vectors, common malware strains, notable CVE exploitation, and more from 2024 can be found here 👉 https://r-7.co/3DlZbOA

In a world where cyber threats don't take holidays, Chemung Canal Trust Company finds solace in a partnership offering advanced technology and unwavering human support. For CISO Christopher C. and his team, Rapid7 is more than just a service provider. Learn how the company has fortified its defenses: https://r-7.co/3P2CCkq ⚔️

7 videos, each under 7 minutes, ALL about #cybersecurity today. Introducing the Magnificent7 miniseries! 🎬💥 🎤 Rapid7's David Brookes-Smith and Shilan Aliyali are your hosts. They'll be delivering bite-sized insights around security strategies that drive business agility & competitiveness – from meeting regulatory compliance, to effective cross-functional teaming, and beyond. 🔐 ▶️ Catch the first episode below, then check out the full miniseries on Rapid7's YouTube: https://r-7.co/4fFXaKB

RE: #Apache #Struts 2 CVE-2024-53677 — a good chunk of the public info on this vulnerability seems to be straight-up wrong, but to be fair, it's pretty confusing. The highlights, with a big hat tip to Rapid7's Ryan Emmons 👇 * Updating to 6.4.0 (or later versions) does not remediate the vulnerability. Code-level changes are required to migrate away from using the vulnerable file upload interceptor. This may come as a surprise to many orgs. * Payloads need to be customized to the target, which means broad "spray and pray" attacks aren't going to be successful in almost any case. * Ongoing "exploitation" in the wild appears to simply be unsuccessful attempts, much like for last year's CVE-2023-50164 (which still hasn't been used against production systems successfully as far as we can tell). * While Struts is popular and there *may* be some legacy applications that are remotely exploitable out of the box, we haven't seen any yet — and if CVE-2023-50164 is any indication, we probably won't. * This is all very similar to Struts CVE-2023-50164, with the notable exception that remediation of CVE-2024-53677 is significantly more difficult. CVE-2024-53677 analysis: https://lnkd.in/eZNnwrCf

Last week, Rapid7 employees attended the Massachusetts Conference for Women. 🧡 We’re a proud, long-time sponsor of #MassWomen, which provides connection, inspiration & more for thousands of women each year. #PowerInUnity #Rapid7Life

Check out every new release and update across our products and services, all aimed to give security professionals a holistic, actionable view of their entire attack surface. 🔍🛡️ 👀 Stay tuned for more in the new year!

How are you planning to tackle 2025? Get a head start on planning for the next year with Rapid7's annual predictions webinar, now available on demand. Plus, find the top 3 predictions from the session 👉 https://r-7.co/4g8wLpD

The end of a year often ignites self-reflection, especially in the workforce during annual performance reviews. ✍️ In male-dominated industries, women often face challenges that make self-advocacy feel uncomfortable. Sam Keay, CP APMP, Global Manager of Proposal Strategy; Deal Pursuit Operations, shares strategies that have helped her navigate and excel in self-advocacy while working in tech. Check them out 👉 https://r-7.co/41y1TKP