Posts tagged News

3 min News

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.

3 min News

Rapid7 and Velociraptor Join Forces

Rapid7 has acquired a digital forensics and incident response (DFIR) framework called Velociraptor.

2 min News

Codecov Discloses Supply Chain Compromise

On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.

5 min News

Attackers Targeting Fortinet Devices and SAP Applications

CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

5 min News

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR [https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics (ABA).  The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most cases, the attacker is uploading an “eval” webshell, commonly referred to as a “chopper” or “China chopper”. With this foothold, the attacker would then

3 min News

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.

2 min News

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.

2 min News

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

Cisco has released security updates to address vulnerabilities in most of their product portfolio.

3 min News

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

2 min Rapid7 Perspective

Rapid7 Acquires Leading Kubernetes Security Provider, Alcide

We at Rapid7 are happy to announce that we have acquired Alcide, a leader in Kubernetes security based in Tel Aviv, Israel.

4 min News

State-Sponsored Threat Actors Target Security Researchers

On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.

5 min News

Update on SolarWinds Supply-Chain Attack: SUNSPOT, SUNSHUTTLE and New Malware Family Associations

New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.

7 min News

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.