Posts tagged Vulnerability Management

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

4 min Vulnerability Management

What’s New in InsightVM and Nexpose: Q3 2023 in Review

In this article, we'll take a look at some of the key updates in InsightVM and Nexpose from Q3.

3 min InsightVM

Introducing Active Risk

Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.

3 min Vulnerability Management

Rapid7 doubles down on a platform approach for Vulnerability Risk Management

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

8 min Patch Tuesday

Patch Tuesday - September 2023

A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.

3 min Emergent Threat Response

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

7 min Vulnerability Management

What's New in CVSS v4

CVSS v4 ushers in some meaningful improvements wrapped in a bit of nuanced complexity, especially if you’re a vendor or threat researcher.

9 min Vulnerability Management

Patch Tuesday - August 2023

ASP.NET zero-day attack. Teams malicious meeting. MSMQ critical RCE. Patch & a makeover for last month's unpatched zero-day vuln.

6 min Vulnerability Disclosure

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).

5 min Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

2 min Emergent Threat Response

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

8 min Research

Old Blackmoon Trojan, New Monetization Approach

Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.

2 min Emergent Threat Response

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.

12 min Vulnerability Management

Patch Tuesday - July 2023

Five zero-day vulns, including an Office maldoc attack with no patch yet and a SmartScreen bypass. Eight critical RCEs, and 130 total vulns. Busier than recent months.

7 min Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.