Posts tagged Emergent Threat Response

5 min News

Attackers Targeting Fortinet Devices and SAP Applications

CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

5 min News

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR [https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics (ABA).  The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most cases, the attacker is uploading an “eval” webshell, commonly referred to as a “chopper” or “China chopper”. With this foothold, the attacker would then

3 min News

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

On Feb. 24, 20201, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

2 min Emergent Threat Response

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community [https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of active exploitation attempts of CVE-2020-3992 [https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability] and/or CVE-2019-5544 [https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details] , which are remote code execution (RCE) vulnerabili

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

3 min Vulnerability Management

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.

3 min Research

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.

2 min News

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

HP released a security bulletin on Sept. 25, 2020, disclosing a set of vulnerabilities in HP Device Manager.

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Management

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.

3 min Vulnerability Management

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

On July 22, Cisco released a patch for a high-severity read-only patch traversal vulnerability in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.

4 min Vulnerability Management

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know

On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.

4 min Vulnerability Management

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.

3 min Vulnerability Disclosure

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.

5 min Research

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

On April 22, Sophos received a report documenting a suspicious field value visible in the management interface of an XG Firewall.

3 min Vulnerability Risk Management

CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis

Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.

2 min Vulnerability Management

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.