Posts tagged Vulnerability Management

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.

OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability

On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).

7 min Patch Tuesday

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here’s three big things you can go patch right now.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: 9/10/21

Confluence Server OGNL Injection Our own wvu along with Jang [https://twitter.com/testanull] added a module that exploits an OGNL injection (CVE-2021-26804 [https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection] )in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and Confluence Data Center and is actively being exploited in the wild. Initial di

4 min Vulnerability Disclosure

CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities

Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.

5 min Cybersecurity

Fortinet FortiWeb OS Command Injection

An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.

3 min Incident Response

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.

6 min Patch Tuesday

Patch Tuesday - August 2021

Hot off the press, it’s another issue of the Patch Tuesday blog! While the number of vulnerabilities is low this month, there are a number of high risk items administrators will want to patch right away including a few that will require additional remediation steps. This Patch Tuesday also includes updates for three vulnerabilities that were publicly disclosed earlier this month. Let’s jump in. Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM https://msrc.microsoft.com/

11 min Public Policy

Hack Back Is Still Wack

The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.

8 min Ransomware

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.

7 min Ransomware

The Ransomware Task Force: A New Approach to Fighting Ransomware

The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.

4 min Metasploit

Metasploit Wrap-Up: Jul. 23, 2021

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource server itself? Well wait no more, as thanks to the work of Aaron Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson [https://www.linkedin.com/in/jonathan-p-004b76a1/], Will

3 min InsightVM

What’s New in InsightVM: Q2 2021 in Review

Here is a rundown of new features and functionality launched in Q2 2021 for InsightVM and the Insight Platform.

9 min Vulnerability Management

Patch Tuesday - July 2021

Microsoft has patched another 117 CVEs [https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul], returning to volumes seen in early 2021 and most of 2020. It would appear that the recent trend of approximately 50 vulnerability fixes per month was not indicative of a slowing pace. This month there were 13 vulnerabilities rated Critical with nearly the rest being rated Important. Thankfully, none of the updates published today require additional steps to remediate, so administrators should b