3 min
Ransomware
To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved
Our research shows the "market share" of ransomware groups and how much they focused on different types of data.
2 min
Emergent Threat Response
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.
3 min
Ransomware
For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus
We found customer data in the overwhelming majority of data disclosures from ransomware attacks against the financial services industry.
3 min
Ransomware
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
When it comes to ransomware in healthcare and pharma, there are some notable similarities that set them apart from other industries.
5 min
Vulnerability Disclosure
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.
4 min
Vulnerability Disclosure
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can red arbitrary system files due to an argument injection vulnerability.
1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
With CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.
4 min
Vulnerability Management
The Hidden Harm of Silent Patches
Silent patches limit who understands how to exploit a vulnerability, which sounds like a great plan — but there's a catch.
11 min
Emergent Threat Response
Active Exploitation of Confluence CVE-2022-26134
On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Serve and Data Center.
1 min
Emergent Threat Response
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.
7 min
Vulnerability Disclosure
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.
2 min
Emergent Threat Response
CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
On May 18, 2022, VMware published an advisory on CVE-2022-22972, a critical authentication bypass affecting multiple solutions.
5 min
Vulnerability Disclosure
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.
2 min
Emergent Threat Response
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.