Posts tagged Vulnerability Management

8 min Patch Tuesday

Patch Tuesday - December 2024

1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.

5 min Emergent Threat Response

Widespread exploitation of Cleo file transfer software (CVE-2024-50623)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late in the evening of December 9, security firm Huntress published a blog [http://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild] on active exploitation of three different Cleo products (docs [http://cleo-infoeng.s3.us-east-2.amazonaws.com/PDF/Harmony/5.8/Harmony_58_UserGuide_053123.pdf]):

3 min Vulnerability Disclosure

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.

3 min Emergent Threat Response

Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces

Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.

12 min Vulnerability Management

Patch Tuesday - November 2024

4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.

3 min Emergent Threat Response

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.

13 min Vulnerability Management

Patch Tuesday - October 2024

5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RCE. Winlogon EoP. Hyper-V container escape. curl 0-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.

4 min Vulnerability Management

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

This is where continuous threat exposure management (CTEM) comes into play – an approach that shifts the focus from merely identifying vulnerabilities to understanding and mitigating exposures across the entire attack surface.

3 min Emergent Threat Response

Multiple Vulnerabilities in Common Unix Printing System (CUPS)

Multiple unpatched vulnerabilities were publicly disclosed in the Common Unix Printing System (CUPS), a popular IPP-based open-source printing system.

3 min Emergent Threat Response

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7 is warning customers about high-risk vulnerabilities in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager (EPM). These CVEs are likely attack targets for APT and/or financially motivated adversaries.

6 min Attack Surface Security

Help, I can’t see! A Primer for Attack Surface Management Blog Series

In this series, we will explore the critical challenges and solutions associated with Attack Surface Management (ASM), a vital aspect of modern cybersecurity strategy.

10 min Patch Tuesday

Patch Tuesday - September 2024

4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.

2 min Emergent Threat Response

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

CVE-2024-40766 is a critical improper access control vulnerability affecting SonicOS, the operating system that runs on the company’s physical and virtual firewalls. As of September 9, 2024, Rapid7 is aware of several recent incidents in which SonicWall SSLVPN accounts were targeted or compromised.

3 min Emergent Threat Response

Multiple Vulnerabilities in Veeam Backup & Replication

On September 4, 2024, Veeam released their September security bulletin disclosing various vulnerabilities, including CVE-2024-40711, a critical unauthenticated remote code execution issue affecting Veeam’s popular Backup & Replication solution.

17 min Vulnerability Disclosure

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.