7 min
Emergent Threat Response
Popular Attack Surfaces, August 2021: What You Need to Know
Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.
5 min
Emergent Threat Response
PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains
Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”
3 min
Emergent Threat Response
Microsoft SAM File Readability CVE-2021-36934: What You Need to Know
CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.
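The following PowerShell check is an added example written for this page, not Rapid7's or Microsoft's tooling. It reproduces the ACL test and the two-step workaround Microsoft published for CVE-2021-36934: inspect the hive files under `%windir%\System32\config` for a `BUILTIN\Users` read ACE, then (with `-Remediate`, from an elevated prompt) restore ACL inheritance and delete existing Volume Shadow Service copies, which still contain readable copies of the hives even after the ACL is corrected. It assumes `icacls.exe` and `vssadmin.exe` are on the PATH and that the Windows system drive is `$env:SystemDrive`.

```powershell
<#
Added example for CVE-2021-36934 (not code from the original post).
Assumes icacls.exe / vssadmin.exe on PATH and a Windows 10 host.
Run elevated for reliable results; -Remediate requires elevation.
#>
[CmdletBinding()]
param(
    # Apply Microsoft's documented workaround instead of only reporting.
    [switch]$Remediate
)

$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SECURITY', 'SYSTEM'

function Test-HiveReadableByUsers {
    param([string]$Path)
    # icacls prints one ACE per line, e.g. "BUILTIN\Users:(I)(RX)".
    # The vulnerable configuration grants BUILTIN\Users read (RX) on the hive,
    # inherited (I) from the config directory. F/M also imply read, so they count.
    $aces = & icacls.exe $Path 2>&1
    return [bool]($aces -match 'BUILTIN\\Users:.*\((RX|R|F|M)\)')
}

function Get-ShadowCopyCount {
    # Shadow copies taken while the hives were over-permissive remain readable
    # by non-admins (that is how the public exploit reads the locked SAM file),
    # so they are part of the exposure even after the ACL is corrected.
    return @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
}

function Get-ExposureReport {
    $exposed = @()
    foreach ($hive in $hives) {
        $path     = Join-Path $configDir $hive
        $readable = Test-HiveReadableByUsers -Path $path
        Write-Host ('{0,-9} BUILTIN\Users read access: {1}' -f $hive, $readable)
        if ($readable) { $exposed += $path }
    }
    $shadows = Get-ShadowCopyCount
    Write-Host "Volume shadow copies present: $shadows"
    return [pscustomobject]@{ ExposedHives = $exposed; ShadowCopies = $shadows }
}

$report = Get-ExposureReport
if ($report.ExposedHives.Count -eq 0 -and $report.ShadowCopies -eq 0) {
    Write-Host 'Not affected: hive ACLs are restricted and no shadow copies exist.'
    return
}

if (-not $Remediate) {
    Write-Warning 'Host is exposed to CVE-2021-36934. Install the vendor update, or re-run with -Remediate from an elevated prompt to apply the workaround.'
    return
}

# Workaround step 1: re-enable ACL inheritance on every file in the config
# directory so the hives inherit the parent's restrictive DACL.
& icacls.exe "$configDir\*.*" /inheritance:e

# Workaround step 2: delete existing shadow copies, otherwise the old, readable
# hive copies inside them stay accessible. Caveat: this also removes System
# Restore points on that volume, so confirm backups before running it.
& vssadmin.exe delete shadows "/for=$env:SystemDrive" /all /quiet

Write-Host 'Re-checking after remediation:'
$null = Get-ExposureReport
```

The ACL test alone can give a false sense of safety: a host whose hive DACL has already been tightened still exposes the SAM through any shadow copy created while it was readable, which is why the report treats a non-zero shadow-copy count as exposure and why the workaround is two steps rather than one. The workaround is a stopgap; the vendor update that restores the correct permissions is the fix.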
4 min
Emergent Threat Response
Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies
Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack that appears to be targeting Kaseya VSA patch management and monitoring software.
2 min
Emergent Threat Response
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know
On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds Serv-U 15.2.3 HF1 (released May 5, 2021) and all prior versions.
8 min
Emergent Threat Response
CVE-2021-34527 PrintNightmare: What You Need to Know
Vulnerability note: This blog originally referenced CVE-2021-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675. This was later confirmed, and Microsoft issued a new CVE for what the research community originally thought was CVE-2021-1675. Defenders should now follow guidance and remediation information on the new vulnera
2 min
Emergent Threat Response
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
On June 29, 2021, researcher Michael Stepankin (@artsploit) posted details of a pre-auth remote code execution (RCE) vulnerability, CVE-2021-35464, in ForgeRock Access Manager identity and access management software that front-ends web applications and remote access solutions in many enterprises.
2 min
Emergent Threat Response
CVE-2021-21985: What You Need To Know About the Latest Critical vCenter Server Vulnerability
On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010 [https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe
3 min
Emergent Threat Response
Want to stay ahead of emerging threats? Here’s how.
A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?
3 min
Emergent Threat Response
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.
2 min
Emergent Threat Response
Codecov Discloses Supply Chain Compromise
On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.
5 min
Emergent Threat Response
Attackers Targeting Fortinet Devices and SAP Applications
CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.
2 min
Emergent Threat Response
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.
5 min
News
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."
4 min
Emergent Threat Response
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.