Glenn Thorpe – Noise

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Glenn Thorpe — Tue, 07 Feb 2023 17:27:49 +0000

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.

Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric) impacting Oracle E-Business Suite (EBS)

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Glenn Thorpe — Thu, 19 Jan 2023 17:46:15 +0000

Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Glenn Thorpe — Wed, 21 Dec 2022 17:35:17 +0000

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

Glenn Thorpe — Tue, 13 Dec 2022 23:19:21 +0000

On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.

CVE-2022-42475: Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Glenn Thorpe — Mon, 12 Dec 2022 18:48:08 +0000

Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN. FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

Glenn Thorpe — Fri, 07 Oct 2022 16:24:42 +0000

On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.

Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138

Glenn Thorpe — Wed, 27 Jul 2022 19:26:38 +0000

Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.

Active Exploitation of VMware Horizon Servers

Glenn Thorpe — Tue, 18 Jan 2022 20:00:15 +0000

Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.

Patch Now: Sonicwall Fixes Multiple Vulnerabilities in SMA 100 Devices

Glenn Thorpe — Wed, 08 Dec 2021 18:57:52 +0000

On December 7, 2021, Sonicwall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.

Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution

Glenn Thorpe — Tue, 07 Dec 2021 21:41:01 +0000

Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.

Ongoing Exploitation of Windows Installer CVE-2021-41379

Glenn Thorpe — Tue, 30 Nov 2021 19:03:28 +0000

On November 22, 2021, security researcher Abdelhamid Naceri found that Microsoft's initial patch for CVE-2021-41379 did not remediate the vulnerability.

NPM Library (ua-parser-js) Hijacked: What You Need to Know

Glenn Thorpe — Mon, 25 Oct 2021 19:16:58 +0000

For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

Glenn Thorpe — Tue, 21 Sep 2021 19:55:35 +0000

On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.

Popular Attack Surfaces, August 2021: What You Need to Know

Glenn Thorpe — Thu, 12 Aug 2021 17:13:25 +0000

Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.