Posts by Caitlin Condon

2 min Emergent Threat Response

CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products

Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.

2 min Emergent Threat Response

Ransomware Campaign Compromising VMware ESXi Servers

Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.

3 min Emergent Threat Response

Exploitation of GoAnywhere MFT zero-day vulnerability

A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.

1 min Emergent Threat Response

Exploitation of Control Web Panel CVE-2022-44877

Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.

1 min Vulnerability Risk Management

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.

5 min Emergent Threat Response

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.

4 min Emergent Threat Response

Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite

Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.

2 min Emergent Threat Response

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.

3 min Emergent Threat Response

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.

4 min Research

Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report

Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.

2 min Emergent Threat Response

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.

2 min Emergent Threat Response

Active Exploitation of Apache HTTP Server CVE-2021-40438

In September 2021, Apache released a fix for CVE-2021-40438, a critical SSRF vulnerability. Several sources now confirm they have seen exploit attempts in the wild.

8 min Metasploit

Announcing the 2021 Metasploit Community CTF

It’s time for another Metasploit community CTF! Our goal is to enable relationship building and knowledge sharing across the security community.

1 min Emergent Threat Response

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.

1 min Emergent Threat Response

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.