Rapid7

Rapid7 releases Command Platform, unified attack defense and response

Industry news, Rapid7 /

Rapid7 releases Command Platform, unified attack defense and response 2024-08-05 at 15:31 By Industry News Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud to close security gaps […]

Rapid7 releases Command Platform, unified attack defense and response Read More »

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

0-day, Check Point, CISA, CVE, Don't miss, enterprise, Hot stuff, News, Rapid7, WatchTowr /

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) Read More »

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

CVE-2024-4978, ICS/OT, JAVS, Malware & Threats, Rapid7, Vulnerabilities /

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor 2024-05-24 at 16:31 By Ionut Arghire Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover. The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor Read More »

Compromised recording software was served from vendor’s official site, threat researchers say

Don't miss, Hot stuff, Malware, News, Rapid7, supply chain compromise /

Compromised recording software was served from vendor’s official site, threat researchers say 2024-05-23 at 18:01 By Zeljka Zorz Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected

Compromised recording software was served from vendor’s official site, threat researchers say Read More »

Black Basta target orgs with new social engineering campaign

CISA, Don't miss, Hot stuff, News, Ransomware, Rapid7, remote management, social engineering, vishing /

Black Basta target orgs with new social engineering campaign 2024-05-13 at 15:46 By Zeljka Zorz Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory

Black Basta target orgs with new social engineering campaign Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

NIST’s NVD has encountered a problem Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

Don't miss, enterprise, Hot stuff, NAS, News, Palo Alto Networks, QNAP, Rapid7, security update, SMBs, vulnerability /

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)

Don't miss, Fortinet, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) 2024-02-12 at 21:01 By Zeljka Zorz Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) Read More »

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

CISA, Don't miss, endpoint management, exploit, GreyNoise, Ivanti, News, Rapid7, vulnerability /

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) 2024-01-19 at 19:49 By Zeljka Zorz A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) Read More »

Rapid7 introduces AI-powered cloud anomaly detection

Industry news, Rapid7 /

Rapid7 introduces AI-powered cloud anomaly detection 21/11/2023 at 16:04 By Industry News Rapid7 has announced its newest innovation in artificial intelligence (AI)-driven threat detection for the cloud. Now available in early access to select Rapid7 customers, this enhancement improves SOC teams’ visibility and response time to cyber threats across public cloud environments. Rapid7’s cloud anomaly

Rapid7 introduces AI-powered cloud anomaly detection Read More »

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

Apache ActiveMQ, Don't miss, Hot stuff, News, PoC, Ransomware, Rapid7, security update, vulnerability /

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

0-day, Atlassian, Atlassian Confluence, Don't miss, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) 05/10/2023 at 13:02 By Helga Labus Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) Read More »

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Assetnote, Don't miss, file-sharing, Hot stuff, News, Progress, Rapid7, security update, vulnerability /

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

continuous integration, Don't miss, Hot stuff, JetBrains, News, Rapid7, software delivery, software development, vulnerability /

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) 26/09/2023 at 18:01 By Zeljka Zorz Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server.

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) Read More »

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

brute-force, Cisco, Don't miss, Hot stuff, News, Rapid7, vulnerability /

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) 08/09/2023 at 14:02 By Zeljka Zorz A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support case,”

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) Read More »

Cisco VPNs with no MFA enabled hit by ransomware groups

Arctic Wolf Networks, brute-force, Cisco, Don't miss, enterprise, Hot stuff, MFA, News, Ransomware, Rapid7, SMBs, VPN /

Cisco VPNs with no MFA enabled hit by ransomware groups 31/08/2023 at 14:46 By Zeljka Zorz Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default

Cisco VPNs with no MFA enabled hit by ransomware groups Read More »

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

layoffs, Management & Strategy, Rapid7 /

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan 09/08/2023 at 06:46 By Mike Lennon Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid7 office locations. The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan Read More »

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)

0-day, Don't miss, endpoint management, Hot stuff, Ivanti, MobileIron, News, Rapid7, security update, vulnerability /

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) 03/08/2023 at 13:46 By Helga Labus Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) Read More »

Scroll to Top