4 min
News
State-Sponsored Threat Actors Target Security Researchers
On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.
5 min
News
Update on SolarWinds Supply-Chain Attack: SUNSPOT, SUNSHUTTLE and New Malware Family Associations
New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.
4 min
Research
Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
Your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe.
7 min
Vulnerability Management
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.
2 min
Emergent Threat Response
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up?
On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community
[https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of
active exploitation attempts of CVE-2020-3992
[https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability]
and/or CVE-2019-5544
[https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details]
, which are remote code execution (RCE) vulnerabili
2 min
News
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.
3 min
Vulnerability Management
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.
3 min
Vulnerability Management
There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")
Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.
3 min
Research
PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.
2 min
News
HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know
HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.
3 min
Vulnerability Management
Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know
On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.
3 min
Vulnerability Management
CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know
On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.
4 min
Vulnerability Management
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.
3 min
Vulnerability Disclosure
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.
6 min
Verizon DBIR
Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)
In this blog, the Rapid7 Labs team has you covered with our annual Reader’s Guide for the 2020 Verizon Data Breach Investigations Report.