5 min
Risk Management
Peeking into the crystal ball: What 2023 cyber threats told us about 2024
Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.
1 min
Emergency Threat Response
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Rapid7 is aware of at least one incident where a customer was compromised via CVE-2022-47986. We strongly recommend patching on an emergency basis.
2 min
Emergency Threat Response
CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products
Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.
2 min
Emergency Threat Response
Ransomware Campaign Compromising VMware ESXi Servers
Hosting provider OVH and French CERT have issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
3 min
Emergency Threat Response
Exploitation of GoAnywhere MFT zero-day vulnerability
A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
1 min
Government
Rapid7 Added to Carahsoft GSA Schedule Contract
We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners.
3 min
Emergency Threat Response
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
The Rapid7 research team will update this blog post as we learn more details
about this vulnerability 和 its attack surface area.
The OpenSSL [http://www.openssl.org/] project released
[http://www.openssl.org/news/cl30.txt] version 3.0.7 on November 1, 2022 to
address CVE-2022-3786 and CVE-2022-3602
[http://www.openssl.org/news/secadv/20221101.txt], two high-severity vulnerabilities
affecting the OpenSSL 3.0.x release stream, discovered and reported
by Polar Bear and Viktor Dukhovni. OpenSSL
1 min
Risk Management
CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution
On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
3 min
Emergency Threat Response
CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK
versions (JDK 15+) were not impacted due to the exclusion of the Nashorn
JavaScript engine. However, an updated PoC
[http://twitter.com/pwntester/status/1582321752566161409] came out that uses the
JEXL engine as the exploitation path. If JEXL is present, code executes
successfully, so this issue can be exploited on any JDK where a relevant engine
can be leveraged.
CVE-2022-42889, which some have begun calling “Text4Shell,”
2 min
Emergency Threat Response
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
3 min
Vulnerability Management
The 2022 SANS Top New Attacks and Threats Report Is In, and It's Required Reading
The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings are critical for security teams.
4 min
Emergency Threat Response
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.
9 min
Vulnerability Disclosure
QNAP Poisoned XML Command Injection (Silently Patched)
In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what may be an entirely new vulnerability.
2 min
Emergency Threat Response
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Attacks are ongoing on CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.
3 min
Ransomware
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
Our research shows the "market share" of ransomware groups and how much they focused on different types of data.