8分钟
星期二补丁
补丁星期二- 2024年5月
Zero-days in DWM, MSHTML, 和 Visual Studio. SharePoint critical post-auth RCE. 远程接入修复. 移动宽带USB总线.
3分钟
紧急威胁响应
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. 成功ful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, 以及远程代码执行.
4分钟
紧急威胁响应
CVE-2024-3400: Critical Comm和 Injection 脆弱性 in Palo Alto Networks Firewalls
在周五, 4月12日, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.
13分钟
星期二补丁
补丁星期二- 2024年4月
一个最新的零日攻击. 物联网关键rce的防御者. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE 和 Vector String Source to advisories.
2分钟
脆弱性管理
Rapid7 offers continued vulnerability coverage in the face of NVD delays
Recently, the US National Institute of St和ards 和 Technology (NIST) announced
on the National 脆弱性 Database (NVD) site [http://nvd.nist.gov /)
there would be delays in adding information on newly published CVEs. NVD
enriches CVEs with basic details about a vulnerability like the vulnerability’s
CVSS score, software products impacted by a CVE, information on the bug,
补丁状态等. Since February 12th, 2024, NVD has largely stopped
丰富的漏洞.
鉴于兄弟
8分钟
脆弱性管理
补丁星期二- 2024年3月
这个月没有零日漏洞. A single critical RCE: Hyper-V guest escape. 交换恶意DLL RCE. SharePoint的王牌. Azure Kubernetes Service Confidential Containers. Windows 11压缩文件夹.
3分钟
脆弱性管理
High-Risk Vulnerabilities in ConnectWise ScreenConnect
2月19日, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7点及更早.
9分钟
星期二补丁
补丁星期二- 2024年2月
Windows SmartScreen & Internet快捷方式. 局保护模式旁路. Exchange critical elevation of privilege.
2分钟
紧急威胁响应
Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored 和 other motivated adversaries.
5分钟
脆弱性管理
Whispers of Atlantida: Safeguarding Your Digital Treasure
Recently, Rapid7 observed a new stealer named Atlantida. The stealer tricks users to download a malicious file from a compromised website, 和 uses several evasion techniques such as reflective loading 和 injection before the stealer is loaded.
7分钟
星期二补丁
补丁星期二- 2024年1月
Hyper-V临界RCE. Office FBX 3D模型vuln. SharePoint远端控制设备. 关键字Kerberos MitM. 没有零日. Smallest January PT for several years.
5分钟
脆弱性管理
Mastering Industrial Cybersecurity: The Significance of Combining 脆弱性管理 with 检测和响应
The convergence of operational technology (OT) 和 information technology (IT) has ushered in new efficiencies but has also exposed vulnerabilities. This article explores the pivotal role of 脆弱性管理 和 检测和响应 (VM/DR) in the realm of Industrial Cybersecurity.
6分钟
脆弱性管理
补丁星期二- 2023年12月
AMD divide-by-zero-day information disclosure. No-interaction MSHTML Outlook critical RCE. 双ICS临界RCE. Fewer patches for fewer products than usual.
9分钟
星期二补丁
补丁星期二- 2023年11月
Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.网. Overall fewer patches than usual. 旋度补丁.
3分钟
Azure
Setup of Discovery Connection Azure
Are you having trouble trying to get your Azure assets into your InsightVM security console? This blog will help you get started with assessing your Azure virtual machines in InsightVM.