Posts tagged Vulnerability Management

3 min Emergent Threat Response

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.

10 min Vulnerability Management

Patch Tuesday - June 2023

No zero-day vulns this month. PGM & .NET/Visual Studio critical RCEs. SharePoint EoP. Exchange RCEs.

2 min Emergent Threat Response

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.

3 min Emergent Threat Response

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.

8 min Emergent Threat Response

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

2 min Emergent Threat Response

Widespread Exploitation of Zyxel Network Devices

Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.

9 min Vulnerability Management

Patch Tuesday - May 2023

A relatively light 49 vulnerabilities patched in May 2023, including a new entry method for BlackLotus bootkit malware.

4 min InsightVM

Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem

Rapid7 Insight Agent and InsightVM Scan Assistant can improve visibility into your environment. This article explores how and when to use each.

12 min Vulnerability Management

Patch Tuesday - April 2023

114 vulnerabilities patched, including a zero-day driver-based LPE. Message Queueing Service RCE. End of support for 2013 products.

8 min Vulnerability Management

Using InsightVM Remediation Projects To Ensure Accountability

In this blog, we look at two types of console-driven reports and two types of cloud-driven reports (projects)—and how you might use them.

3 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q1 2023 in Review

In Q1, we focused driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance.

11 min Vulnerability Management

Patch Tuesday - March 2023

Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.

4 min Vulnerability Management

Vulnerability Management vs. Vulnerability Assessment

Vulnerability assessment (VA) and vulnerability management (VM) are two of the best ways to protect your enterprise against threats, but these terms are often used incorrectly

4 min Emergent Threat Response

Active Exploitation of ZK Framework CVE-2022-36537

Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.

2 min Research

A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report

We’re excited to release Rapid7’s 2022 Vulnerability Intelligence Report—a deep dive into 50 of the most notable vulnerabilities our research team investigated throughout the year.