2 min
Emergent Threat Response
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
4 min
Emergent Threat Response
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
2 min
Emergent Threat Response
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.
3 min
Emergent Threat Response
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.
8 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
1 min
Emergent Threat Response
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Rapid7 is aware of at least one incident where a customer was compromised via CVE-2022-47986. We strongly recommend patching on an emergency basis.
2 min
Emergent Threat Response
CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products
Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.
2 min
Emergent Threat Response
Ransomware Campaign Compromising VMware ESXi Servers
Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
3 min
Emergent Threat Response
Exploitation of GoAnywhere MFT zero-day vulnerability
A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
1 min
Emergent Threat Response
Exploitation of Control Web Panel CVE-2022-44877
Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.
1 min
Risk Management
CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution
On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
5 min
Emergent Threat Response
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.
4 min
Emergent Threat Response
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.
2 min
Emergent Threat Response
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.
3 min
Emergent Threat Response
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.