Emergent Threat Response
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software. A patch is available for this vulnerability and should be applied on an emergency basis.
Emergent Threat Response
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog.
On Wednesday, March 29, 2023, multiple security firms issued [https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/] warnings [https://www.s
Emergent Threat Response
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Rapid7 is aware of at least one incident where a customer was compromised via CVE-2022-47986. We strongly recommend patching on an emergency basis.
Emergent Threat Response
Rapid7-Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments.
Emergent Threat Response
Active Exploitation of ZK Framework CVE-2022-36537
Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.
Emergent Threat Response
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587 [https://nvd.nist.gov/vuln/detail/CVE-2022-21587], a critical arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric) impacting Oracle E-Business Suite (EBS). Oracle published a Critical Patch Update Advisory [https://www.oracle.com/security-alerts/cpuoct2022.html] in Octob
Emergent Threat Response
CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products
Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.
Emergent Threat Response
Ransomware Campaign Compromising VMware ESXi Servers
Hosting provider OVH and the French CERT have issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
Emergent Threat Response
Exploitation of GoAnywhere MFT zero-day vulnerability
A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
Emergent Threat Response
Exploitation of Control Web Panel CVE-2022-44877
Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.
Emergent Threat Response
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.
Emergent Threat Response
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
Emergent Threat Response
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
On Tuesday, December 13, 2022, Citrix published the Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518, announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.
Emergent Threat Response
CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported
Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN.” FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.
Emergent Threat Response
CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities
On November 8, 2022, Citrix published the Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516 [https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516] announcing fixes for three vulnerabilities:
* CVE-2022-27510 [https://nvd.nist.gov/vuln/detail/CVE-2022-27510] “Unauthorized access to Gateway user capabilities”
* CVE-2022-27513 [https://nvd.nist.gov/vuln/detai