3分钟
紧急威胁响应
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server 和 Data Center
10月4日, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server 和 Confluence Data Center.
6分钟
紧急威胁响应
WS_FTP服务器中的关键漏洞
On September 27, 2023, Progress Software published a security advisory on
multiple vulnerabilities affecting WS_FTP Server
[http://www.ipswitch.com/ftp-server], a secure file transfer solution. 在那里
are a number of vulnerabilities in the advisory, two of which are critical
(CVE-2023-40044和CVE-2023-42657). 我们的研究小组已经确定了什么
似乎是 .NET deserialization vulnerability (CVE-2023-40044) 和
confirmed that it is exploitable with a single HTTPS POST request 和 a
pre
2分钟
紧急威胁响应
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
9月20日, 2023, JetBrains披露了CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. 成功ful exploitation could make the vulnerability a potential supply chain attack vector.
3分钟
紧急威胁响应
Exploitation of Juniper Networks SRX Series 和 EX Series Devices
8月17日, 2023, Juniper Networks published an out-of-b和 advisory on four different CVEs affecting Junos OS on SRX 和 EX Series devices. 成功ful exploitation would likely enable attackers to pivot to organizations’ internal networks.
7分钟
紧急威胁响应
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Rapid7’s managed detection 和 response (耐多药) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical 和 virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.
2分钟
紧急威胁响应
CVE-2023-35078: Critical API Access 脆弱性 in Ivanti Endpoint 经理 Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint 经理 Mobile.
2分钟
紧急威胁响应
Critical Zero-Day 脆弱性 in Citrix NetScaler ADC 和 NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC 和 NetScaler Gateway.
4分钟
紧急威胁响应
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
2分钟
紧急威胁响应
SonicWall Recommends Urgent Patching for GMS 和 Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS 和 Analytics products.
3分钟
紧急威胁响应
CVE-2023-34362: MOVEit 脆弱性 Timeline of 事件
Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.
2分钟
紧急威胁响应
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution 脆弱性
Rapid7正在追踪CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.
3分钟
紧急威胁响应
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks 电子邮件 Security Gateway (ESG) appliances.
8分钟
紧急威胁响应
Rapid7 Observed Exploitation of Critical MOVEit Transfer 脆弱性
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
2分钟
紧急威胁响应
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated comm和 injection vulnerability affecting multiple Zyxel networking devices.
2分钟
紧急威胁响应
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution 脆弱性
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software. A patch is available for this vulnerability 和 should be applied on an emergency basis.