Collaborate Disseminate
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security rese… Continue reading MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and … Continue reading MOVEit Transfer zero-day attacks: The latest info
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-… Continue reading Zyxel firewalls under attack by Mirai-like botnet
A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerabil… Continue reading Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. Continue reading Microsoft Patch Tuesday, May 2023 Edition
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been exploited in the wild “in very limited attacks.” Were your servers among… Continue reading Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 IBM Aspera Faspex is used by organizations to allow employees to quickly and se… Continue reading Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Rapid7 spends $38 million to acquire Israeli anti-ransomware startup Minerva Labs to beef up its managed detection and response portfolio.
The post Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million appeared first on SecurityWeek.
Continue reading Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million
Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. Continue reading Microsoft Patch Tuesday, March 2023 Edition
While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a threat, according to Rapid7. Deploying exploits Attackers are developing and d… Continue reading Attackers are developing and deploying exploits faster than ever