Rapid7 - News, Features, and Slideshows


  • OpenSSL fixes serious flaw that could enable man-in-the-middle attacks

    A flaw in the widely used OpenSSL library could allow man-in-the-middle attackers to impersonate HTTPS servers and snoop on encrypted traffic. Most browsers are not affected, but other applications and embedded devices could be.

    Written by Lucian Constantin, 10 July 15 01:39
  • 7 things to do when your business is hacked

    The first thing an IT security executive should do after the corporate network has been breached is fall back on the incident response plan that was put in place well before attackers got through the carefully constructed defenses.

    Written by Tim Greene, 22 June 15 20:29
  • Android stock browser vulnerable to URL spoofing

    A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.

    Written by Lucian Constantin, 21 May 15 02:01
  • Microsoft's patch info 'blockade' pinches security staffs

    Security experts yesterday were still frustrated about Microsoft's decision last month to halt advance warnings of each month's patch slate, with one calling it a "blockade" and another arguing that it makes it difficult for IT administrators to do their job.

    Written by Gregg Keizer, 12 Feb. 15 04:33
  • Google stops patching core Android component in 60% of devices

    Google has stopped patching a core component of Android in versions older than v. 4.4, aka "KitKat," a security researcher said today, as he urged the company to reconsider the policy that could leave more than 60% of all Android users vulnerable to future attacks.

    Written by Gregg Keizer, 13 Jan. 15 08:14
  • OpenSSL patches eight new vulnerabilities

    Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.

    Written by Lucian Constantin, 10 Jan. 15 05:04
  • Microsoft abruptly dumps public Patch Tuesday alerts

    For the first time in a decade, Microsoft today did not give all customers advance warning of next week's upcoming Patch Tuesday slate. Instead, the company suddenly announced it is dropping the public service and limiting the alerts and information to customers who pay for premium support.

    Written by Gregg Keizer, 09 Jan. 15 09:07
  • Patch Tuesday: Windows, Internet Explorer need critical patches

    Windows and Internet Explorer need critical patches this month, according to Microsoft's advanced notification about Patch Tuesday bulletins for Oct. 14.

    Written by Tim Greene, 10 Oct. 14 09:07