Rapid7 – Page 3 – WindowsTechs.com

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

Posted on March 4, 2024 by Zeljka Zorz

JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us an… Continue reading Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)→

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

Posted on February 14, 2024 by Zeljka Zorz

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the … Continue reading QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)→

Fat Patch Tuesday, February 2024 Edition

Posted on February 13, 2024 by BrianKrebs

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Continue reading Fat Patch Tuesday, February 2024 Edition→

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)

Posted on February 12, 2024 by Zeljka Zorz

Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding i… Continue reading Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)→

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

Posted on January 19, 2024 by Zeljka Zorz

A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulner… Continue reading Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)→

1,700 Ivanti VPN devices compromised. Are yours among them?

Posted on January 16, 2024 by Zeljka Zorz

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are acti… Continue reading 1,700 Ivanti VPN devices compromised. Are yours among them?→

Rapid7 introduces AI-powered cloud anomaly detection

Posted on November 21, 2023 by Industry News

Rapid7 has announced its newest innovation in artificial intelligence (AI)-driven threat detection for the cloud. Now available in early access to select Rapid7 customers, this enhancement improves SOC teams’ visibility and response time to cyber threa… Continue reading Rapid7 introduces AI-powered cloud anomaly detection→

Leading CISO Wants More Security Proactivity in Australian Businesses to Avoid Attack ‘Surprises’

Posted on October 18, 2023 by Ben Abbott

Rapid7’s Jaya Baloo says a deficit in Australian organisational IT asset and vulnerability understanding is helping threat actors, and this is being exacerbated by fast growth in multicloud environments. Continue reading Leading CISO Wants More Security Proactivity in Australian Businesses to Avoid Attack ‘Surprises’→

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Posted on October 11, 2023 by Helga Labus

A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c… Continue reading Critical Atlassian Confluence vulnerability exploited by state-backed threat actor→

Patch Tuesday, October 2023 Edition

Posted on October 10, 2023 by BrianKrebs

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Continue reading Patch Tuesday, October 2023 Edition→