8 min
Patch Tuesday
Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
5 min
Emergent Threat Response
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
On Monday, December 9, multiple security firms began privately circulating
reports of in-the-wild exploitation targeting Cleo file transfer software. Late
the evening of December 9, security firm Huntress published a blog
[http://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild]
on active exploitation of three different Cleo products (docs
[http://cleo-infoeng.s3.us-east-2.amazonaws.com/PDF/Harmony/5.8/Harmony_58_UserGuide_053123.pdf]
):
*
3 min
Vulnerability Disclosure
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.
3 min
Emergent Threat Response
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
12 min
Vulnerability Management
Patch Tuesday - November 2024
4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.
3 min
Emergent Threat Response
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.
13 min
Vulnerability Management
Patch Tuesday - October 2024
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.
4 min
Vulnerability Management
Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management
This is where continuous threat exposure management (CTEM) comes into play – an approach that shifts the focus from merely identifying vulnerabilities to understanding and mitigating exposures across the entire attack surface.
3 min
Emergent Threat Response
Multiple Vulnerabilities in Common Unix Printing System (CUPS)
Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.
3 min
Emergent Threat Response
High-Risk Vulnerabilities in Common Enterprise Technologies
Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.
6 min
Attack Surface Security
Help, I can’t see! A Primer for Attack Surface Management Blog Series
In this series, we will explore the critical challenges and solutions associated with Attack Surface Management (ASM), a vital aspect of modern cybersecurity strategy.
10 min
Patch Tuesday
Patch Tuesday - September 2024
4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.
2 min
Emergent Threat Response
CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices
CVE-2024-40766 is a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. As of September 9, 2024, Rapid7 is aware of several recent incidents in which SonicWall SSLVPN accounts were targeted or compromised.
3 min
Emergent Threat Response
Multiple Vulnerabilities in Veeam Backup & Replication
On September 4, 2024, Veeam released their September security bulletin disclosing various vulnerabilities, including CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution.
17 min
Vulnerability Disclosure
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.