2 min
Research
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Rapid7 research has found that nearly 19,000 ESXi servers likely remain vulnerable to CVE-2021-21974, which is being exploited in the ESXiArgs campaign.
1 min
Android
Leaked Android Platform Certificates Create Risks for Users
A new report contains 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate.
3 min
Emergent Threat Response
CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK
versions (JDK 15+) were not impacted due to the exclusion of the Nashorn
JavaScript engine. However, an updated PoC
[https://twitter.com/pwntester/status/1582321752566161409]came out that uses the
JEXL engine as an exploit path. If JEXL is present, the code executes
successfully, so this issue can be exploited on any JDK where a relevant engine
can be leveraged.
CVE-2022-42889, which some have begun calling “Text4Shell,”
6 min
Ransomware
Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense
Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.
1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
5 min
Russia-Ukraine Conflict
8 Tips for Securing Networks When Time Is Scarce
In light of increased cyber risk surrounding the Russia-Ukraine conflict, we’ve put together 8 tips that defenders can take right now to prepare.
5 min
Hacky Holidays 2021
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
Like many organizations with big data problems, Santa has turned to machine learning to help him sort through his naughty and nice lists.
5 min
Ransomware
The Ransomware Killchain
How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.
8 min
Ransomware
Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever
Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.
6 min
Detection and Response
Why the Robot Hackers Aren’t Here (Yet)
Over the years, we’ve seen security in general and vulnerability discovery in particular move from a risky, shady business to massive corporate-sponsored activities with open marketplaces for bug bounties.
2 min
Emergent Threat Response
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know
On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 (released May 5, 2021) and all prior versions.
8 min
Emergent Threat Response
CVE-2021-34527 PrintNightmare: What You Need to Know
Vulnerability note: This blog originally referenced CVE-2021-1675, but members
of the community noted the week of June 29 that the publicly available exploits
that purported to exploit CVE-2021-1675 may in fact have been targeting a new
vulnerability in the same function as CVE-2021-1675. This was later confirmed,
and Microsoft issued a new CVE for what the research community originally
thought was CVE-2021-1675. Defenders should now follow guidance and remediation
information on the new vulnera