Latest Emergent Threat Responses & Analysis

6 min Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server [https://www.ipswitch.com/ftp-server], a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre

2 min Emergent Threat Response

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.

3 min Emergent Threat Response

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

7 min Emergent Threat Response

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.

2 min Emergent Threat Response

CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile

CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.

2 min Emergent Threat Response

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

4 min Emergent Threat Response

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.

2 min Emergent Threat Response

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.

3 min Emergent Threat Response

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.

2 min Emergent Threat Response

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.

3 min Emergent Threat Response

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.

8 min Emergent Threat Response

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

2 min Emergent Threat Response

Widespread Exploitation of Zyxel Network Devices

Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.

2 min Emergent Threat Response

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software. A patch is available for this vulnerability and should be applied on an emergency basis.

3 min Emergent Threat Response

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday, March 29, 2023, multiple security firms issued [https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/] warnings [https://www.s

Posts tagged Emergent Threat Response

Critical Vulnerabilities in WS_FTP Server

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

Exploitation of Juniper Networks SRX Series and EX Series Devices

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Widespread Exploitation of Zyxel Network Devices

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Popular Topics

Tags

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.