Posts tagged 脆弱性管理

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. 成功ful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, 以及远程代码执行.

4分钟紧急威胁响应

CVE-2024-3400: Critical Comm和 Injection 脆弱性 in Palo Alto Networks Firewalls

在周五, 4月12日, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

13分钟星期二补丁

补丁星期二- 2024年4月

一个最新的零日攻击. 物联网关键rce的防御者. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE 和 Vector String Source to advisories.

2分钟脆弱性管理

Rapid7 offers continued vulnerability coverage in the face of NVD delays

Recently, the US National Institute of St和ards 和 Technology (NIST) announced on the National 脆弱性 Database (NVD) site [http://nvd.nist.gov /) there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score, software products impacted by a CVE, information on the bug, 补丁状态等. Since February 12th, 2024, NVD has largely stopped 丰富的漏洞. 鉴于兄弟

8分钟脆弱性管理

补丁星期二- 2024年3月

这个月没有零日漏洞. A single critical RCE: Hyper-V guest escape. 交换恶意DLL RCE. SharePoint的王牌. Azure Kubernetes Service Confidential Containers. Windows 11压缩文件夹.

3分钟脆弱性管理

High-Risk Vulnerabilities in ConnectWise ScreenConnect

2月19日, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7点及更早.

9分钟星期二补丁

补丁星期二- 2024年2月

Windows SmartScreen & Internet快捷方式. 局保护模式旁路. Exchange critical elevation of privilege.

2分钟紧急威胁响应

Critical Fortinet FortiOS CVE-2024-21762 Exploited

CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored 和 other motivated adversaries.

5分钟脆弱性管理

Whispers of Atlantida: Safeguarding Your Digital Treasure

Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, 和 uses several evasion techniques such as reflective loading 和 injection before the stealer is loaded.

7分钟星期二补丁

补丁星期二- 2024年1月

Hyper-V临界RCE. Office FBX 3D模型vuln. SharePoint远端控制设备. 关键字Kerberos MitM. 没有零日. Smallest January PT for several years.

5分钟脆弱性管理

Mastering Industrial Cybersecurity: The Significance of Combining 脆弱性管理 with 检测和响应

The convergence of operational technology (OT) 和 information technology (IT) has ushered in new efficiencies but has also exposed vulnerabilities. This article explores the pivotal role of 脆弱性管理和检测和响应 (VM/DR) in the realm of Industrial Cybersecurity.

6分钟脆弱性管理

补丁星期二- 2023年12月

AMD divide-by-zero-day information disclosure. No-interaction MSHTML Outlook critical RCE. 双ICS临界RCE. Fewer patches for fewer products than usual.

9分钟星期二补丁

补丁星期二- 2023年11月

Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.网. 总的来说，补丁比平时少. 旋度补丁.

3分钟 Azure

Setup of Discovery Connection Azure

Are you having trouble trying to get your Azure assets into your InsightVM security console? This blog will help you get started with assessing your Azure virtual machines in InsightVM.

12分钟星期二补丁

补丁星期二- 2023年10月

Zero-day vulns in WordPad, Skype for Business, 和 ASP.网. 12个临界rce. Last public security updates for Windows Server 2012, 2012 R2 和 Windows 11 21H2.