Posts tagged "Emergency Threat Response"

10 min Managed Detection and Response (MDR)

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.

2 min Emergency Threat Response

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting the Serv-U file transfer server. Successful exploitation of the vulnerability allows unauthenticated attackers to read sensitive files on the host.

4 min Emergency Threat Response

CVE-2024-24919: Check Point Security Gateway Information Disclosure

On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.

10 min Managed Detection and Response (MDR)

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.

8 min Incident Response

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Rapid7 observes an ongoing social engineering campaign consistent with Black Basta.

3 min Emergency Threat Response

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

CVE-2024-4040 is an unauthenticated zero-day vulnerability in the managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.

4 min Emergency Threat Response

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

3 min Emergency Threat Response

XZ Utils Backdoor Vulnerability (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in the widely used command line tool XZ Utils (liblzma).

19 min Emergency Threat Response

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7’s vulnerability research team identified two new vulnerabilities affecting the JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.

3 min Vulnerability Management

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024, ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.

7 min Incident Response

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly facing Confluence servers that were the source of multiple malware executions.

2 min Emergency Threat Response

Critical Fortinet FortiOS CVE-2024-21762 Exploited

CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.

2 min Emergency Threat Response

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

3 min Emergency Threat Response

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [http://www.vmwar

7 min Emergency Threat Response

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.