3 min
Emergent Threat Response
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.
2 min
Emergent Threat Response
Codecov Discloses Supply Chain Compromise
On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.
5 min
Emergent Threat Response
Attackers Targeting Fortinet Devices and SAP Applications
CISA and the FBI published a joint alert to warn users that APT threat actors were likely exploiting unpatched Fortinet FortiOS devices to gain initial access to government, commercial, technology, and other organizations’ networks.
2 min
Emergent Threat Response
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.
5 min
News
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."
4 min
Emergent Threat Response
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.
5 min
News
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the
exploitation of Microsoft Exchange through existing detections in InsightIDR
[https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics
(ABA). The Managed Detection and Response (MDR) identified multiple, related
compromises in the past 72 hours. In most cases, the attacker is uploading an
“eval” webshell, commonly referred to as a “chopper” or “China chopper”. With
this foothold, the attacker would then
3 min
News
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations.
2 min
News
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
On Feb. 23, 2021, VMware published an advisory describing three weaknesses affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation.
3 min
Emergent Threat Response
SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know
2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.
4 min
News
State-Sponsored Threat Actors Target Security Researchers
On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.
7 min
Vulnerability Management
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.
2 min
Emergent Threat Response
VMware ESXi OpenSLP Remote Code Execution Vulnerability (CVE-2020-3992 and CVE-2019-5544): What You Need To Know
What’s up?
On November 6, 2020 Microsoft’s Kevin Beaumont alerted the community
[https://twitter.com/GossiTheDog/status/1324896051128635392] to evidence of
active exploitation attempts of CVE-2020-3992
[https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability]
and/or CVE-2019-5544
[https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details]
, which are remote code execution (RCE) vulnerabili
2 min
News
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.
3 min
Vulnerability Management
Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know
Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.