Posts tagged "Emergency Threat Response"

10 min read | Managed Detection and Response (MDR)

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.

8 min read | Incident Response

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Rapid7 observes ongoing social engineering campaign consistent with Black Basta

3 min read | Emergency Threat Response

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

CVE-2024-4040 is an unauthenticated zero-day vulnerability in the managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.

4 min read | Emergency Threat Response

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company's firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

3 min read | Emergency Threat Response

XZ Utils Backdoor (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in the widely used command line tool XZ Utils (liblzma).

19 min read | Emergency Threat Response

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7's vulnerability research team identified two new vulnerabilities affecting the JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.

3 min read | Vulnerability Management

High-Risk Vulnerabilities in ConnectWise ScreenConnect

On February 19, 2024, ConnectWise disclosed two vulnerabilities in its ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.

7 min read | Incident Response

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.

2 min read | Emergency Threat Response

Critical Fortinet FortiOS CVE-2024-21762 Exploited

CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.

2 min read | Emergency Threat Response

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

3 min read | Emergency Threat Response

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [http://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [http://www.vmwar

6 min read | Emergency Threat Response

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.

5 min read | Emergency Threat Response

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability affecting ownCloud when a vulnerable extension called "Graph API" (graphapi) is present.

3 min read | Emergency Threat Response

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.

6 min read | Emergency Threat Response

Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518

Daniel Lydon and Conor Quinn contributed attacker behavior insights to this blog. As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment. We have confirmed that at least some of the attacks are targeting CVE-2023-22518 [http://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.ht