Posts tagged Vulnerability Risk Management

1 min Emergent Threat Response

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.

2 min Emergent Threat Response

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.

3 min Emergent Threat Response

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.

2 min Emergent Threat Response

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.

4 min Emergent Threat Response

ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers

As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.

7 min Emergent Threat Response

Popular Attack Surfaces, August 2021: What You Need to Know

Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.

5 min Emergent Threat Response

PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains Running AD CS

Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”

3 min Emergent Threat Response

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.

8 min Emergent Threat Response

CVE-2021-34527 (PrintNightmare): What You Need to Know

Vulnerability note: This blog originally referenced CVE-2021-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675. This was later confirmed, and Microsoft issued a new CVE for what the research community originally thought was CVE-2021-1675. Defenders should now follow guidance and remediation information on the new vulnera

2 min Emergent Threat Response

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability

On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010 [https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe

4 min CISOs

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.

2 min Emergent Threat Response

VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know

What’s up? On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community [https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of active exploitation attempts of CVE-2020-3992 [https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability] and/or CVE-2019-5544 [https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details] , which are remote code execution (RCE) vulnerabili

2 min Vulnerability Management

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.

3 min Vulnerability Management

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across products of three industrial control system (ICS) vendors’ — HMS, Secomea, and Moxa — remote access technologies.

5 min InsightVM

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.