42 min
News
Russia-Ukraine Cybersecurity Updates
This ongoing blog provides the need-to-know updates in cybersecurity and threat intelligence relating to the Russia-Ukraine conflict.
5 min
Emerging Threats
Staying Secure in a Global Cyber Conflict
Now that Russia has begun its armed invasion of Ukraine, we should expect increasing risks of cybersecurity attacks and incidents, either as spillover from cyberattacks targeting Ukraine or direct attacks against actors supporting Ukraine.
3 min
Cybersecurity
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
3 min
Emergent Threat Response
Microsoft SAM File Readability CVE-2021-36934: What You Need to Know
CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.
3 min
News
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.
3 min
News
Rapid7 and Velociraptor Join Forces
Rapid7 has acquired a digital forensics and incident response (DFIR) framework called Velociraptor.
2 min
News
Codecov Discloses Supply Chain Compromise
On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.
5 min
News
Attackers Targeting Fortinet Devices and SAP Applications
CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.
5 min
News
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."
4 min
News
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.
5 min
News
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the
exploitation of Microsoft Exchange through existing detections in InsightIDR
[https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics
(ABA). The Managed Detection and Response (MDR) identified multiple, related
compromises in the past 72 hours. In most cases, the attacker is uploading an
“eval” webshell, commonly referred to as a “chopper” or “China chopper”. With
this foothold, the attacker would then
3 min
News
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.
2 min
News
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.
2 min
News
Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products
Cisco has released security updates to address vulnerabilities in most of their product portfolio.
3 min
News
SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know
2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.