12分钟
星期二补丁
星期二补丁 - October 2023
Zero-day vulns in WordPad, Skype for Business, 和 ASP.网. 12个临界rce. Last public security updates for Windows Server 2012, 2012 R2 和 Windows 11 21H2.
4分钟
脆弱性管理
What’s New in InsightVM 和 Nexpose: Q3 2023 in Review
In this article, we'll take a look at some of the key updates in InsightVM 和 Nexpose from Q3.
3分钟
InsightVM
引入主动风险
Security teams need better prioritization mechanisms. That's why we developed Active Risk, the new risk scoring methodology in InsightVM.
3分钟
脆弱性管理
Rapid7 doubles down on a platform approach for 脆弱性 Risk Management
本周, Rapid7 was named a Strong Performer in The Forrester Wave™: 脆弱性 Risk Management, Q3 2023.
8分钟
星期二补丁
星期二补丁 - September 2023
相对清淡的一个月. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.
3分钟
紧急威胁响应
Exploitation of Juniper Networks SRX Series 和 EX Series Devices
8月17日, 2023, Juniper Networks published an out-of-b和 advisory on four different CVEs affecting Junos OS on SRX 和 EX Series devices. 成功ful exploitation would likely enable attackers to pivot to organizations’ internal networks.
7分钟
脆弱性管理
什么是新的CVSS v4
CVSS v4 ushers in some meaningful improvements wrapped in a bit of nuanced complexity, especially if you’re a vendor or threat researcher.
9分钟
脆弱性管理
星期二补丁 - August 2023
ASP.网零日攻击. 团队恶意会议. MSMQ临界RCE. 补丁 & a makeover for last month's unpatched zero-day vuln.
6分钟
漏洞的披露
CVE-2023-35082 - MobileIron Core Unauthenticated API Access 脆弱性
Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2及以下).
5分钟
漏洞的披露
CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.
2分钟
紧急威胁响应
Critical Zero-Day 脆弱性 in Citrix NetScaler ADC 和 NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC 和 NetScaler Gateway.
8分钟
研究
Old Blackmoon Trojan, 新 Monetization Approach
Rapid7正在追踪一个新的, more sophisticated 和 staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.
2分钟
紧急威胁响应
SonicWall Recommends Urgent Patching for GMS 和 Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS 和 Analytics products.
12分钟
脆弱性管理
星期二补丁 - July 2023
Five zero-day vulns, including an Office maldoc attack with no patch yet 和 a SmartScreen bypass. Eight critical RCEs, 和 130 total vulns. 比最近几个月更忙.
7分钟
漏洞的披露
CVE-2023-29298: Adobe ColdFusion Access Control Bypass
Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.