2 min
Emergent Threat Response
Active Exploitation of Apache HTTP Server CVE-2021-40438
In September 2021, Apache released a fix for CVE-2021-40438, a critical SSRF vulnerability. Several sources now confirm they have seen exploit attempts in the wild.
1 min
Emergent Threat Response
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.
2 min
Emergent Threat Response
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild
Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.
5 min
Risk Management
2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk
Rapid7 experts spoke with a group of industry panelists about the challenges of supply chain security and how their organizations are tackling them.
3 min
Emergent Threat Response
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.
2 min
Emergent Threat Response
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.
4 min
Emergent Threat Response
ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.
7 min
Emergent Threat Response
Popular Attack Surfaces, August 2021: What You Need to Know
Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.
5 min
Emergent Threat Response
PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains
Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”
8 min
Emergent Threat Response
CVE-2021-34527 PrintNightmare: What You Need to Know
Vulnerability note: This blog originally referenced CVE-2021-1675, but members
of the community noted the week of June 29 that the publicly available exploits
that purported to exploit CVE-2021-1675 may in fact have been targeting a new
vulnerability in the same function as CVE-2021-1675. This was later confirmed,
and Microsoft issued a new CVE for what the research community originally
thought was CVE-2021-1675. Defenders should now follow guidance and remediation
information on the new vulnera
2 min
Emergent Threat Response
CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability
On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010
[https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes
details on CVE-2021-21985, a critical remote code execution vulnerability in the
vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and
VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of
input validation in the Virtual SAN Health Check plug-in, which is enabled by
default in vCenter Server. Succe
2 min
Emergent Threat Response
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up?
On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community
[https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of
active exploitation attempts of CVE-2020-3992
[https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability]
and/or CVE-2019-5544
[https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details]
, which are remote code execution (RCE) vulnerabili
2 min
Vulnerability Management
CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know
CVE-2020-1472 is a critical privilege escalation vulnerability that can yield an attacker full takeover of an affected network. Here's what you need to know.
5 min
InsightVM
Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder
During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.
4 min
Vulnerability Management
Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350): What You Need to Know
On Tuesday, July 14, 2020, Microsoft released a patch for a 17-year-old remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) servers discovered by Check Point researchers.