8 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
2 min
Emergent Threat Response
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.
2 min
Emergent Threat Response
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software. A patch is available for this vulnerability and should be applied on an emergency basis.
3 min
Emergent Threat Response
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information
as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels,
Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and
Christiaan Beek all contributed to this blog.
On Wednesday, March 29, 2023, multiple security firms issued
[http://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/]
warnings
[http://www.s
1 min
Emergent Threat Response
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Rapid7 is aware of at least one incident where a customer was compromised via CVE-2022-47986. We strongly recommend patching on an emergency basis.
3 min
Emergent Threat Response
Rapid7-Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments.
4 min
Emergent Threat Response
Active Exploitation of ZK Framework CVE-2022-36537
Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.
2 min
Emergent Threat Response
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability,
this blog post will evolve, too.
Rapid7 is responding to various compromises arising from the exploitation of
CVE-2022-21587 [http://nvd.nist.gov/vuln/detail/CVE-2022-21587], a critical
arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric)
impacting Oracle E-Business Suite (EBS). Oracle published a Critical Patch
Update Advisory [http://www.oracle.com/security-alerts/cpuoct2022.html] in
Octob
2 min
Emergent Threat Response
CVE-2023-22501: Critical Broken Authentication Flaw in Jira Service Management Products
Atlassian has published an advisory for CVE-2023-22501, a critical broken authentication vulnerability affecting Jira service management products.
2 min
Emergent Threat Response
Ransomware Campaign Compromising VMware ESXi Servers
Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
3 min
Emergent Threat Response
Exploitation of GoAnywhere MFT zero-day vulnerability
A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
1 min
Emergent Threat Response
Exploitation of Control Web Panel CVE-2022-44877
Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.
7 min
Emergent Threat Response
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.
2 min
Emergent Threat Response
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
1 min
Emergent Threat Response
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.