3 min
Emergent Threat Response
CVE-2023-34362: MOVEit Vulnerability Timeline of Events
Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.
8 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
3 min
Emergent Threat Response
Exploitation of GoAnywhere MFT zero-day vulnerability
A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.
5 min
Emergent Threat Response
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.
3 min
Emergent Threat Response
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.
18 min
Zero-Day
Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange
In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.
4 min
Emergent Threat Response
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.
5 min
News
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the
exploitation of Microsoft Exchange through existing detections in InsightIDR
[https://www.rapid7.com/products/insightidr/]’s Attacker Behavior Analytics
(ABA). The Managed Detection and Response (MDR) identified multiple, related
compromises in the past 72 hours. In most cases, the attacker is uploading an
“eval” webshell, commonly referred to as a “chopper” or “China chopper”. With
this foothold, the attacker would then
3 min
Emergent Threat Response
SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know
2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.
4 min
Threat Intel
Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
The final section of Kim Zetter's “Countdown to Zero Day”pulls together the many factors that are present in attacks such as Stuxnet.
2 min
Metasploit
Federal Friday - 2.28.14 - Flash Zero Day Targets Foreign Policy Sites
Federal Friday has come again, which means another week has passed us by. It's
been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ
for on the horizon. We also had a great week at RSA with SC Magazine naming
Nexpose the Best Vulerability Management Solution!
The threat landscape has had a wild few days with a major security flaw for
Apple desktops and iOS devices as well as another IE zero day being discovered.
In addition, a detailed report from FireEye
[http://www.
2 min
Phishing
Federal Friday - 10.18.2013 - The "We're Back In Business" Edition
After a tough start to FY14, a sense of normalcy should start to creep back in
over the coming weeks. Even though the folks in the House and Senate merely
delayed their budgetary discussions, we can only hope that some hard lessons
were learned this time around and that come January our collective backs won't
be up against the wall again. Unfortunately the under-valued thespian, Nicolas
Cage, won't be representing my feelings in this week's blog as we have some
things to talk about.
One of the
2 min
Internet Explorer
IE 0-day: exploit code is now widely available (CVE-2013-3893)
Any newly discovered Internet Explorer zero day vulnerability is bad for users.
But once the exploit code gets around to public disclosure sites, it's so much
worse. In the past day or so exploit code has been submitted to virustotal.com
and scumware.org.
Users and administrators should take immediate action to mitigate the risk posed
by CVE-2013-3893
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893]. Considering
the timing, I personally expect to see an out of band patch fro