Posts tagged Vulnerability Management

2 min Emergent Threat Response

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

13 min Patch Tuesday

Patch Tuesday - April 2024

One late-breaking zero-day vuln. Defender for IoT critical RCEs. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE and Vector String Source to advisories.

2 min Vulnerability Management

Rapid7 offers continued vulnerability coverage in the face of NVD delays

Recently, the US National Institute of Standards and Technology (NIST) announced on the National Vulnerability Database (NVD) site [] that there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score, software products impacted by a CVE, information on the bug, patching status, etc. Since February 12th, 2024, NVD has largely stopped enriching vulnerabilities. Given the bro

8 min Vulnerability Management

Patch Tuesday - March 2024

No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.

3 min Vulnerability Management

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.

9 min Patch Tuesday

Patch Tuesday - February 2024

Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.

2 min Emergent Threat Response

Critical Fortinet FortiOS CVE-2024-21762 Exploited

CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.

5 min Vulnerability Management

Whispers of Atlantida: Safeguarding Your Digital Treasure

Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, and uses several evasion techniques such as reflective loading and injection before the stealer is loaded.

7 min Patch Tuesday

Patch Tuesday - January 2024

Hyper-V critical RCE. Office FBX 3D model vuln. SharePoint RCE. Critical Kerberos MitM. No zero-days. Smallest January PT for several years.

5 min Vulnerability Management

Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response

The convergence of operational technology (OT) and information technology (IT) has ushered in new efficiencies but has also exposed vulnerabilities. This article explores the pivotal role of Vulnerability Management and Detection and Response (VM/DR) in the realm of Industrial Cybersecurity.

6 min Vulnerability Management

Patch Tuesday - December 2023

AMD divide-by-zero-day information disclosure. No-interaction MSHTML Outlook critical RCE. Double ICS critical RCE. Fewer patches for fewer products than usual.

9 min Patch Tuesday

Patch Tuesday - November 2023

Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.NET. Overall fewer patches than usual. cURL patch.

3 min Azure

Setup of Discovery Connection Azure

Are you having trouble trying to get your Azure assets into your InsightVM security console? This blog will help you get started with assessing your Azure virtual machines in InsightVM.

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.