Posts tagged Vulnerability Management

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

3 min InsightVM

Introducing Active Risk

Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.

3 min Vulnerability Management

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

8 min Patch Tuesday

Patch Tuesday - September 2023

A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.

3 min Emergent Threat Response

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

7 min Vulnerability Management

What's New in CVSS v4

CVSS v4 ushers in some meaningful improvements wrapped in a bit of nuanced complexity, especially if you’re a vendor or threat researcher.

9 min Vulnerability Management

Patch Tuesday - August 2023

ASP.NET zero-day vuln. Teams malicious meetings. MSMQ critical RCE. Patches & a makeover for last month's unpatched zero-day vuln.

6 min Vulnerability Disclosure

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).

5 min Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

2 min Emergent Threat Response

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

8 min Research

Old Blackmoon Trojan, NEW Monetization Approach

Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.

2 min Emergent Threat Response

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.

12 min Vulnerability Management

Patch Tuesday - July 2023

Five zero-day vulns, including an Office maldoc attack with no patch yet and a SmartScreen bypass. Eight critical RCEs, and 130 total vulns. Busier than recent months.

7 min Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.