Security News

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositories for internal tooling for our service was accessed by an unauthorized party outside of Rapid7," the Boston-based firm said in a disclosure.

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool. Only internal credentials and tooling source code accessed.

Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach. Enterprise security vendor Rapid7 says it was among the victims of the Codecov software supply chain attack and warned Thursday that data for a subset of its customers was accessed in the breach.

Under this partnership, Medigate's IoT security platform will integrate with Rapid7 InsightVM and Nexpose vulnerability management systems, allowing HDOs, clinics and other HIPAA-covered entities a secure way to manage connected assets. "Todd Felker, director of information security at Torrance Memorial Medical Center commented,"The integration between Rapid7 and Medigate is crucial and helps on both fronts.

IO. This is the second acquisition Rapid7 has made in the cloud security market in the past nine months, having acquired DivvyCloud, a leader in Cloud Security Posture Management this past April. Together, these acquisitions will enhance Rapid7's ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments.

Under the terms of agreement, Rapid7 will acquire DivvyCloud for a total purchase price of approximately $145 million, subject to adjustments, to be paid in cash and stock. "We are thrilled to welcome DivvyCloud, its customers, and the entire DivvyCloud team to the Rapid7 family," said Corey Thomas, chairman and CEO, Rapid7.

Boston-based security analytics and automation solutions provider Rapid7 said on Tuesday that it has agreed to acquire DivvyCloud, a provider of security and compliance automation solutions for public cloud and container infrastructure. Rapid7 will pay roughly $145 million in cash and stock to acquire the company.

Rapid7 has launched an open beta of AttackerKB, a community-sourced knowledge base of the latest vulnerabilities. Announcing the beta version in January 2020, Rapid7's Metasploit R&D manager Caitlin Condon, blogged, "When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it's worth developing an exploit for? Or is it actually...not useful or interesting?".

An easy-to-exploit local privilege escalation vulnerability has been found and patched in Rapid7’s InsightIDR intruder analytics solution, a researcher revealed on Monday. read more

Rapid7 on Friday announced the release of Metasploit 5.0. The latest major version of the popular penetration testing framework introduces several new important features, improved performance, and...