2 min
Emergent Threat Response
CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel
On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.
2 min
Emergent Threat Response
Active Exploitation of Apache HTTP Server CVE-2021-40438
In September 2021, Apache released a fix for CVE-2021-40438, a critical SSRF vulnerability. Several sources now confirm they have seen exploit attempts in the wild.
8 min
Metasploit
Announcing the 2021 Metasploit Community CTF
It’s time for another Metasploit community CTF! Our goal is to enable relationship building and knowledge sharing across the security community.
1 min
Emergent Threat Response
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys.
1 min
Emergent Threat Response
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs targeting Zoho ManageEngine and Sitecore.
1 min
Emergent Threat Response
New NPM library hijacks (coa and rc)
A popular NPM library called coa, which is used in React packages around the world, has been hijacked to distribute credential-stealing malware.
3 min
Emergent Threat Response
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure vulnerability in the HTTP Server version 2.4.29.
2 min
Emergent Threat Response
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.
4 min
Emergent Threat Response
ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.
5 min
Emergent Threat Response
PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains
Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”
3 min
Emergent Threat Response
Microsoft SAM File Readability CVE-2021-36934: What You Need to Know
CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.
2 min
Emergent Threat Response
CVE-2021-21985: What You Need To Know About the Latest Critical vCenter Server Vulnerability
On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010
[https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes
details on CVE-2021-21985, a critical remote code execution vulnerability in the
vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and
VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of
input validation in the Virtual SAN Health Check plug-in, which is enabled by
default in vCenter Server. Succe
3 min
Emergent Threat Response
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.
5 min
Emergent Threat Response
Attackers Targeting Fortinet Devices and SAP Applications
CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.
2 min
Research
Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020
Our 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new threats.
