Search cyberveille.decio.ch

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.

#rapid7 #EN #2024 #Fortinet #FortiManager #CVE-2024-47575 #Zero-Day

·rapid7.com·Oct 23, 2024

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

Ongoing Social Engineering Campaign Refreshes Payloads

On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.

#rapid7 #EN #2024 #TTPs #Social-engineering #Campaign #analysis #BlackBasta

·rapid7.com·Aug 12, 2024

Ongoing Social Engineering Campaign Refreshes Payloads

Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog

Rapid7 investigated suspicious behavior emanating from the installation of Notezilla, RecentX, & Copywhiz. These installers are distributed by Conceptworld.

#rapid7 #EN #2024 #Conceptworld #India #Indian #Software #Hacked #Data-Stealing #Notezilla #RecentX #Copywhiz #Supply-chain-attack

·rapid7.com·Jul 7, 2024

Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.

#rapid7 #EN #2024 #Malvertising #Oyster #Backdoor

·rapid7.com·Jun 24, 2024

Malvertising Campaign Leads to Execution of Oyster Backdoor

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog

Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. According to the vendor’s website, JAVS technologies are used in courtrooms, chambers and jury rooms, jail and prison facilities, and council, hearing, and lecture rooms. Their company website cites over 10,000 installations of their technologies worldwide.

#rapid7 #EN #2024 #Backdoored #JusticeAV #US #CVE-2024-4978

·rapid7.com·May 23, 2024

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog

Ongoing Malvertising Campaign leads to Ransomware

Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.

#rapid7 #EN #2024 #Malvertising #Campaign #Ransomware #WinSCP #PuTTY

·rapid7.com·May 14, 2024

Ongoing Malvertising Campaign leads to Ransomware

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog

Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.

#Rapid7 #EN #2024 #APT #TTPs #Kimsuky #Black #Banshee #Thallium #North-Korea

·rapid7.com·Mar 21, 2024

The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog

Rapid7 flames JetBrains over vulnerability disclosure

Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things.

#theregister #EN #2024 #Rapid7 #flames #JetBrains

·theregister.com·Mar 6, 2024

Rapid7 flames JetBrains over vulnerability disclosure

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical). CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).

#rapid7 #EN #2024 #research #JetBrains #TeamCity #CVE-2024-27198 #CVE-2024-27199

·rapid7.com·Mar 4, 2024

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

Patch Tuesday - February 2024

Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE) vulnerabilities, and a critical elevation of privilege vulnerability in Exchange. Six browser vulnerabilities were published separately this month, and are not included in the total.

#rapid7 #EN #2024 #PatchTuesday #february-2024 #CVE-2024-21351 #CVE-2024-21412 #CVE-2024-21413

·rapid7.com·Feb 15, 2024

Patch Tuesday - February 2024

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

#rapid7 #EN #2024 #Critical #Authentication #Bypass #CVE-2024-0204 #Fortra #GoAnywhere

·rapid7.com·Jan 23, 2024

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

On October 27, Rapid7 Managed Detection & Response identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in 2 separate customer environments.

#rapid7 #EN #2023 #CVE-2023-46604 #Apache #ActiveMQ

·rapid7.com·Nov 4, 2023

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center

On 10/4/2023, Atlassian published a security advisory on CVE-2023-22515, a privilege escalation vulnerability affecting Confluence Server & Data Center.

#rapid7 #EN #2023 #Atlassian #Confluence #cve-2023-22515 #0-Day

·rapid7.com·Oct 4, 2023

CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…

#attackerkb #EN #2023 #rapid7 #SonicWall #CVE-2023-34127 #vulnerability #PoC

·attackerkb.com·Aug 21, 2023

CVE-2023-34127

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability | Rapid7 Blog

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).

#rapid7 #EN #2023 #CVE-2023-35082 #MobileIron #Core #Unauthenticated #API #Access #Vulnerability

·rapid7.com·Aug 4, 2023

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability | Rapid7 Blog

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

#Rapid7 #EN #2023 #MOVEit #Transfer #Vulnerability

·rapid7.com·Jun 4, 2023

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Exploitation of GoAnywhere MFT zero-day vulnerability

On Thursday, February 2, 2023, security reporter Brian Krebs published a warning on Mastodon about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT managed file transfer solution. Fortra (formerly HelpSystems) evidently published an advisory on February 1 behind authentication; there is no publicly accessible advisory.

#rapid7 #EN #2023 #GoAnywhere #BrianKrebs #Fortra #HelpSystems #MFT

·rapid7.com·Feb 5, 2023

Exploitation of GoAnywhere MFT zero-day vulnerability

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS detailed in F5's Base Operating Systems support article. The affected products are detailed in the vendor advisories below:

#rapid7 #EN #2022 #CVE-2022-41622 #CVE-2022-41800 #F5 #BIG-IP #vulnerabilities

·rapid7.com·Nov 17, 2022

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the Apache dev list and originally reported by Alvaro Munoz

#rapid7 #EN #2022 #CVE-2022-42889 #Text4Shell #Apache #Commons #Text

·rapid7.com·Oct 18, 2022

CVE-2022-42889: Keep Calm and Stop Saying "4Shell"

CVE-2022-30333

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

#attackerkb #CVE-2022-30333 #analysis #zimbra #Rapid7

·attackerkb.com·Jul 19, 2022

CVE-2022-30333

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.

#CVE-2021-43893 #Windows #EFS #EN #Microsoft #Rapid7

·rapid7.com·Feb 15, 2022

Dropping Files on a Domain Controller Using CVE-2021-43893

Exploitation of GoAnywhere MFT zero-day vulnerability

On Thursday, February 2, 2023, security reporter Brian Krebs published a warning on Mastodon about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT managed file transfer solution. Fortra (formerly HelpSystems) evidently published an advisory on February 1 behind authentication; there is no publicly accessible advisory.

#rapid7 #EN #2023 #GoAnywhere #BrianKrebs #Fortra #HelpSystems #MFT

·rapid7.com·Feb 5, 2023

Exploitation of GoAnywhere MFT zero-day vulnerability

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS detailed in F5's Base Operating Systems support article. The affected products are detailed in the vendor advisories below:

#rapid7 #EN #2022 #CVE-2022-41622 #CVE-2022-41800 #F5 #BIG-IP #vulnerabilities

·rapid7.com·Nov 17, 2022

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures