Posts tagged Emergent Threat Response

3 min News

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.

2 min News

Codecov Discloses Supply Chain Compromise

On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.

5 min News

Attackers Targeting Fortinet Devices and SAP Applications

CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

5 min News

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR [https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics (ABA).  The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most cases, the attacker is uploading an “eval” webshell, commonly referred to as a “chopper” or “China chopper”. With this foothold, the attacker would then

3 min News

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

2 min Emergent Threat Response

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community [https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of active exploitation attempts of CVE-2020-3992 [https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability] and/or CVE-2019-5544 [https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details] , which are remote code execution (RCE) vulnerabili

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

3 min Vulnerability Management

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Microsoft released a patch for BSoD + RCE CVE-2020-16898 ("Bad Neighbor") in the October 2020 Patch Tuesday vulnerability disclosures along with Juniper releasing CVE-2020-1656 the same week.

3 min Research

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.