Posts by Caitlin Condon

8 min Metasploit

Announcing the 2021 Metasploit Community CTF

It’s time for another Metasploit community CTF! Our goal is to enable relationship building and knowledge sharing across the security community.

1 min Emergent Threat Response

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.

1 min Emergent Threat Response

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.

1 min Emergent Threat Response

New NPM library hijacks (coa and rc)

A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.

3 min Emergent Threat Response

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.

2 min Emergent Threat Response

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.

4 min Emergent Threat Response

ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers

As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.

5 min Emergent Threat Response

PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS

Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”

3 min Emergent Threat Response

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.

2 min Emergent Threat Response

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability

On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010 [https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe

3 min News

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.

5 min News

Attackers Targeting Fortinet Devices and SAP Applications

CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.

2 min Research

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.