Posts by boB Rudis

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

3 min News

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

2 min News

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

Cisco has released security updates to address vulnerabilities in most of their product portfolio.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

4 min News

State-Sponsored Threat Actors Target Security Researchers

On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.

5 min News

Update on SolarWinds Supply-Chain Attack: SUNSPOT, SUNSHUTTLE and New Malware Family Associations

New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.

4 min Research

Rapid7 Labs’ 2020 Naughty List Summary Report to Santa

Your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe.

7 min News

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.

2 min Emergent Threat Response

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community [https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of active exploitation attempts of CVE-2020-3992 [https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability] and/or CVE-2019-5544 [https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details] , which are remote code execution (RCE) vulnerabili

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

3 min Vulnerability Management

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.

3 min Research

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.