Emergent Threats

Staying Secure in a Global Cyber Conflict

Now that Russia has begun its armed invasion of Ukraine, we should expect increasing risks of cybersecurity attacks and incidents, either as spillover from cyberattacks targeting Ukraine or direct attacks against actors supporting Ukraine.

Read Now 5m

Active Exploitation of VMware Horizon Servers

Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.

Read Now 4m

Using InsightVM to Find Apache Log4j CVE-2021-44228

How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.

Read Now 8m

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell).

Read Now 3m

Driver-Based Attacks: Past and Present

In our analysis of CVE-2021-21551, a write-what-where vulnerability in a Dell driver, we found that Dell’s update didn’t fix the write-what-where condition but only limited access to administrative users.

Read Now 7m

Widespread Exploitation of Critical Remote Code Execution in Apache Log4j

On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.

Read Now 15m

Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices

On December 7, 2021, Sonicwall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.

Read Now 2m

Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution

Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.

Read Now 2m

Ongoing Exploitation of Windows Installer CVE-2021-41379

On November 22, 2021, security researcher Abdelhamid Naceri found that Microsoft's initial patch for CVE-2021-41379 did not remediate the vulnerability.

Read Now 2m

Active Exploitation of Apache HTTP Server CVE-2021-40438

In September 2021, Apache released a fix for CVE-2021-40438, a critical SSRF vulnerability. Several sources now confirm they have seen exploit attempts in the wild.

Read Now 2m

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.

Read Now 1m

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.

Read Now 1m

New NPM library hijacks (coa and rc)

A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.

Read Now 1m

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper [https://www.trojansource.codes/trojan-source.pdf] on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different languages—to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or secu

Read Now 4m

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.

Read Now 2m