8 min
Incident Response
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Rapid7 observes ongoing social engineering campaign consistent with Black Basta
3 min
Emergent Threat Response
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.
4 min
Emergent Threat Response
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.
3 min
Emergent Threat Response
XZ Utils Backdoor Vulnerability (CVE-2024-3094)
On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils (liblzma).
19 min
Emergent Threat Response
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.
3 min
Vulnerability Management
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024, ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
7 min
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
2 min
Emergent Threat Response
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
2 min
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
3 min
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of
widely deployed software this week. Atlassian disclosed
[http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html]
CVE-2023-22527, a template injection vulnerability in Confluence Server with a
maxed-out CVSS score of 10, while VMware pushed a fresh update to its October
2023 vCenter Server advisory
[http://www.vmwar
6 min
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backing up legitimate files.
5 min
Emergent Threat Response
CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API
On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability affecting ownCloud, when a vulnerable extension called “Graph API” (graphapi) is present.
3 min
Emergent Threat Response
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
6 min
Emergent Threat Response
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Daniel Lydon and Conor Quinn contributed attacker behavior insights to this
blog.
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing
exploitation of Atlassian Confluence in multiple customer environments,
including for ransomware deployment. We have confirmed that at least some of the
exploits are targeting CVE-2023-22518
[http://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.ht
4 min
Emergent Threat Response
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Starting Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.