10 min read
Managed Detection and Response (MDR)
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
2 min read
Emergent Threat Response
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting the Serv-U file transfer server. Successful exploitation of the vulnerability allows unauthenticated attackers to read sensitive files on the host.
4 min read
Emergent Threat Response
CVE-2024-24919: Check Point Security Gateway Information Disclosure
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.
10 min read
Managed Detection and Response (MDR)
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments.
Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.
8 min read
Incident Response
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Rapid7 observes ongoing social engineering campaign consistent with Black Basta
3 min read
Emergent Threat Response
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in the managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.
4 min read
Emergent Threat Response
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.
3 min read
Emergent Threat Response
XZ Utils Backdoor Vulnerability (CVE-2024-3094)
On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in the widely used command line tool XZ Utils (liblzma).
19 min read
Emergent Threat Response
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Rapid7’s vulnerability research team identified two new vulnerabilities affecting the JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.
3 min read
Vulnerability Management
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024, ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
7 min read
Incident Response
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
2 min read
Emergent Threat Response
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
2 min read
Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
3 min read
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [http://www.vmwar
7 min read
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.