Posts by Glenn Thorpe

2 min Emergent Threat Response

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587 [https://nvd.nist.gov/vuln/detail/CVE-2022-21587], a critical arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric) impacting Oracle E-Business Suite (EBS). Oracle published a Critical Patch Update Advisory [https://www.oracle.com/security-alerts/cpuoct2022.html] in Octob

7 min Emergent Threat Response

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.

2 min Emergent Threat Response

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.

1 min Emergent Threat Response

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.

2 min Emergent Threat Response

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN. FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.

2 min Emergent Threat Response

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.

2 min Emergent Threat Response

Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138

Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.

4 min Emergent Threat Response

Active Exploitation of VMware Horizon Servers

Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.

2 min Emergent Threat Response

Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices

On December 7, 2021, Sonicwall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.

2 min Emergent Threat Response

Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution

Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.

2 min Emergent Threat Response

Ongoing Exploitation of Windows Installer CVE-2021-41379

On November 22, 2021, security researcher Abdelhamid Naceri found that Microsoft's initial patch for CVE-2021-41379 did not remediate the vulnerability.

2 min Emergent Threat Response

NPM Library (ua-parser-js) Hijacked: What You Need to Know

For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.

2 min Emergent Threat Response

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.

7 min Emergent Threat Response

Popular Attack Surfaces, August 2021: What You Need to Know

Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.