Emergent Threat Response
New NPM library hijacks (coa and rc)
Two popular NPM libraries, coa (which is used in React packages around the world) and rc, have been hijacked to distribute credential-stealing malware.
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing?
Researchers at the University of Cambridge and the University of Edinburgh recently published a paper [https://www.trojansource.codes/trojan-source.pdf] on an attack technique they call “Trojan Source.” The attack targets a weakness in Unicode, the text-encoding standard that allows computers to handle text across many different languages, to trick compilers into emitting binaries that do not actually match the logic visible in the source code. In other words, what a developer or secu
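The check a practitioner wants here is a scanner for the invisible Unicode bidirectional control characters that the Trojan Source technique relies on (the paper's bidirectional-override variant). The following is an added example, not code from the original post or from the paper's authors; it assumes the characters in question are the Bidi embedding, override and isolate controls U+202A through U+202E and U+2066 through U+2069, and the sample C snippet is constructed, modeled on the paper's commenting-out example.

```python
import unicodedata

# Bidi override/embedding/isolate controls abused by Trojan Source (assumed
# from the paper's description; the page itself only names "Unicode").
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI",
}

# Constructed sample modeled on the paper's "commenting-out" C example:
# rendered, line 4 looks like a harmless comment, but the compiler sees the
# controls and parses "}" and "if (is_admin)" as code outside the comment.
SAMPLE_SOURCE = (
    "#include <stdio.h>\n"
    "int main() {\n"
    "    int is_admin = 0;\n"
    "    /*\u202e } \u2066if (is_admin)\u2069 \u2066 begin admins only */\n"
    "        printf(\"You are an admin.\\n\");\n"
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)


def find_bidi_controls(text):
    """Return (line, column, 'U+XXXX', short name) for every bidi control."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{ord(ch):04X}", BIDI_CONTROLS[ch]))
    return hits


def find_other_format_chars(text):
    """Flag remaining invisible 'Cf' characters (e.g. zero-width space) that
    are not bidi controls. A BOM as the very first character is allowed."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                continue
            if lineno == 1 and col == 1 and ch == "\ufeff":
                continue
            if unicodedata.category(ch) == "Cf":
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "?")))
    return hits


def is_clean(text):
    """True when the text contains no bidi controls or other invisible chars."""
    return not find_bidi_controls(text) and not find_other_format_chars(text)


def report(text):
    """Human-readable findings, one per line; empty string when clean."""
    lines = []
    for lineno, col, cp, name in find_bidi_controls(text):
        lines.append(f"line {lineno} col {col}: bidi control {cp} ({name})")
    for lineno, col, cp, name in find_other_format_chars(text):
        lines.append(f"line {lineno} col {col}: invisible format char {cp} ({name})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SOURCE) or "clean")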
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild
Patches have been available for GitLab CVE-2021-22205 since April 2021, but analysis suggests a large number of instances are still vulnerable.
NPM Library (ua-parser-js) Hijacked: What You Need to Know
For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was published with an embedded malicious script.
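For both this hijack and the coa/rc hijacks above, the practical first step is to audit lockfiles for the specific withdrawn versions. The following is an added example, not from the original posts: a small auditor for npm package-lock.json files. The ua-parser-js entries in KNOWN_BAD are the three versions named in the npm/GitHub advisory for this incident; any other package has to be added from its own advisory. The lockfile below is constructed.

```python
import json

# Versions withdrawn from npm after the October 22, 2021 ua-parser-js hijack
# (per the npm/GitHub advisory). Extend with other packages from their own
# advisories; the structure is a plain name -> set-of-exact-versions map.
KNOWN_BAD = {
    "ua-parser-js": {"0.7.29", "0.8.0", "1.0.0"},
}

# Constructed lockfileVersion 2 sample: a direct hit at the top level and an
# older, unaffected copy nested under another dependency. Version 2 lockfiles
# carry both the flat "packages" map and the legacy nested "dependencies".
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 2,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/ua-parser-js": {"version": "0.8.0"},
    "node_modules/express": {"version": "4.17.1"},
    "node_modules/express/node_modules/ua-parser-js": {"version": "0.7.28"}
  },
  "dependencies": {
    "ua-parser-js": {"version": "0.8.0"},
    "express": {
      "version": "4.17.1",
      "dependencies": {"ua-parser-js": {"version": "0.7.28"}}
    }
  }
}
""")


def iter_lock_packages(lock):
    """Yield (name, version) for every package in lockfileVersion 1, 2 or 3.
    Duplicates are possible for version 2 (both sections present); the caller
    de-duplicates."""
    # lockfileVersion >= 2: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            yield name, meta["version"]
    # lockfileVersion 1 (and the legacy section of version 2): nested tree.
    stack = [lock.get("dependencies", {})]
    while stack:
        deps = stack.pop()
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            stack.append(meta.get("dependencies", {}))


def find_hijacked(lock, known_bad=KNOWN_BAD):
    """Return a sorted list of (name, version) pairs that match the blocklist."""
    found = set()
    for name, version in iter_lock_packages(lock):
        if version in known_bad.get(name, ()):
            found.add((name, version))
    return sorted(found)


def audit_file(path, known_bad=KNOWN_BAD):
    """Audit a package-lock.json on disk."""
    with open(path, encoding="utf-8") as fh:
        return find_hijacked(json.load(fh), known_bad)


if __name__ == "__main__":
    import sys
    hits = audit_file(sys.argv[1]) if len(sys.argv) > 1 else find_hijacked(SAMPLE_LOCK)
    for name, version in hits:
        print(f"HIJACKED: {name}@{version}")
    if not hits:
        print("no known-hijacked versions found")
```

Matching is on exact version strings, which is what a withdrawn-version advisory gives you; a range check is not needed and would only add false positives. Note that a clean lockfile does not prove the machine was never exposed: the hijacked versions were live for a window during which `npm install` without a lockfile would have resolved to them.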
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
On Monday, October 4, 2021, Apache published an advisory on an unauthenticated remote file disclosure (path traversal) vulnerability in Apache HTTP Server version 2.4.49.
Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)
On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
On August 25, 2021, Atlassian published details on a critical remote code execution vulnerability in Confluence Server and Confluence Data Center.
ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
As of August 12, 2021, multiple researchers have detected widespread opportunistic scanning and exploitation of Exchange servers using the ProxyShell chain.
Popular Attack Surfaces, August 2021: What You Need to Know
Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.
PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains
Late last month (July 2021), security researcher Topotam published a proof-of-concept (PoC) implementation of a novel NTLM relay attack christened “PetitPotam.”
Microsoft SAM File Readability CVE-2021-36934: What You Need to Know
CVE-2021-36934 is a local privilege escalation vulnerability that allows non-administrative users to read the Security Account Manager (SAM) files on Windows 10 and 11 systems.
Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies
Rapid7 is aware of and tracking all information surrounding a coordinated, mass ransomware attack that appears to be targeting Kaseya VSA patch management and monitoring software.
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know
On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds Serv-U 15.2.3 HF1 (released May 5, 2021) and all prior versions.
CVE-2021-34527 PrintNightmare: What You Need to Know
Vulnerability note: This blog originally referenced CVE-2021-1675, but members of the community noted the week of June 29 that the publicly available exploits that purported to exploit CVE-2021-1675 may in fact have been targeting a new vulnerability in the same function as CVE-2021-1675. This was later confirmed, and Microsoft issued a new CVE for what the research community originally thought was CVE-2021-1675. Defenders should now follow guidance and remediation information on the new vulnera
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
On June 29, 2021, researcher Michael Stepankin (@artsploit) posted details of a pre-auth remote code execution (RCE) vulnerability, CVE-2021-35464, in ForgeRock Access Manager identity and access management software that front-ends web applications and remote access solutions in many enterprises.