Posts tagged Emergent Threat Response

1 min Emergent Threat Response

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.

1 min Emergent Threat Response

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.

1 min Emergent Threat Response

New NPM library hijacks (coa and rc)

A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.

4 min Emergent Threat Response

Trojan Source CVE-2021-42572: No Panic Necessary

What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper [https://www.trojansource.codes/trojan-source.pdf] on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different languages—to trick compilers into emitting binaries that do not actually match the logic visible in source code. In other words, what a developer or secu

2 min Emergent Threat Response

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.

2 min Emergent Threat Response

NPM Library (ua-parser-js) Hijacked: What You Need to Know

For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.

3 min Emergent Threat Response

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.

2 min Emergent Threat Response

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.

2 min Emergent Threat Response

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.

4 min Emergent Threat Response

ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers

As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.

7 min Emergent Threat Response

Popular Attack Surfaces, August 2021: What You Need to Know

Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.

5 min Emergent Threat Response

PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS

Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”

3 min Emergent Threat Response

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.

4 min Emergent Threat Response

Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack that appears to be targeting Kaseya VSA patch management and monitoring software.

2 min Emergent Threat Response

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 (released May 5, 2021) and all prior versions.