3 min
Emergent Threat Response
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
6 min
Emergent Threat Response
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Daniel Lydon and Conor Quinn contributed attacker behavior insights to this
blog.
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing
exploitation of Atlassian Confluence in multiple customer environments,
including for ransomware deployment. We have confirmed that at least some of the
attacks are targeting CVE-2023-22518
[http://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.ht
4 min
Emergent Threat Response
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.
2 min
Emergent Threat Response
CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability
On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of the two is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of a buffer.
7 min
Emergent Threat Response
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.
3 min
Emergent Threat Response
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.
6 min
Emergent Threat Response
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on
multiple vulnerabilities affecting WS_FTP Server
[http://www.ipswitch.com/ftp-server], a secure file transfer solution. There
are a number of vulnerabilities in the advisory, two of which are critical
(CVE-2023-40044 and CVE-2023-42657). Our research team has identified what
appears to be the .NET deserialization vulnerability (CVE-2023-40044) and
confirmed that it is exploitable with a single HTTPS POST request and a
pre
2 min
Emergent Threat Response
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.
3 min
Emergent Threat Response
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.
7 min
Emergent Threat Response
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.
2 min
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.
2 min
Emergent Threat Response
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
4 min
Emergent Threat Response
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
2 min
Emergent Threat Response
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.
3 min
Emergent Threat Response
CVE-2023-34362: MOVEit Vulnerability Timeline of Events
Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.