Posts tagged Vulnerability Risk Management

2 min Emergent Threat Response

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community [https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of active exploitation attempts of CVE-2020-3992 [https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability] and/or CVE-2019-5544 [https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details] , which are remote code execution (RCE) vulnerabili

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Management

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.

5 min InsightVM

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.

4 min Vulnerability Management

Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know

On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.

4 min Vulnerability Management

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.

3 min Vulnerability Risk Management

Meet AttackerKB

Meet AttackerKB: a new community-driven resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.

2 min Vulnerability Management

Active Exploitation of Unpatched Windows Font Parsing Vulnerability

Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).

3 min Vulnerability Risk Management

CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis

Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.

2 min Vulnerability Management

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.

4 min InsightVM

Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams

If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.

5 min Vulnerability Risk Management

Challenges and Best Practices with Vulnerability Risk Management Collaboration

We sat down with VRM professionals to discuss best practices, challenges, and personal approaches to make vulnerability risk management a priority.