Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

September 6, 2024 at 08:00AM Apache announced a security update for open source ERP system OFBiz to address two vulnerabilities including a bypass of patches for two exploited flaws. The bypass, CVE-2024-45195, allows unauthenticated, remote attackers to execute code on affected systems. Rapid7 warns both Linux and Windows systems are affected. Users are urged to …

Apache fixes critical OFBiz remote code execution vulnerability

September 5, 2024 at 05:35PM Apache has addressed a critical security vulnerability in its OFBiz software that allows attackers to execute arbitrary code on Linux and Windows servers. The flaw, tracked as CVE-2024-45195, was discovered by Rapid7. This is a remote code execution issue caused by a forced browsing weakness. Users are urged to upgrade to …

Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication

August 7, 2024 at 08:54AM The Rapid7 Ransomware Radar Report 2024 reveals an alarming increase in ransomware attacks and leaks, surpassing 2023 levels. The report points to a rising threat of ransomware, particularly through the double extortion of encryption and data exfiltration. Additionally, it highlights the activities of key ransomware groups and emphasizes the critical …

Indian Software Firm’s Products Hacked to Spread Data-Stealing Malware

July 1, 2024 at 09:06AM On June 18, 2024, cybersecurity firm Rapid7 discovered trojanized installers for three software products from Indian company Conceptworld, distributing information-stealing malware. The compromise was remediated by Conceptworld within 12 hours of disclosure. The malware is capable of stealing browser credentials, cryptocurrency wallet information, logging keystrokes, and establishing connections with command-and-control …

New MOVEit Transfer Vulnerability Under Active Exploitation – Patch ASAP!

June 26, 2024 at 11:21AM A critical security flaw CVE-2024-5806 impacting Progress Software MOVEit Transfer enables attackers to bypass SFTP authentication, with exploitation attempts already reported. Researchers emphasize risks and urge immediate action, including patching and restricting server access. The flaw affects numerous systems worldwide, making prompt updates essential. CISA also disclosed a recent cybersecurity …

Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged …

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate …

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

May 24, 2024 at 09:24AM Thousands of computers are at risk of complete takeover due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer distributed from official servers. The backdoor, discovered by Rapid7, provides attackers with full control over affected systems. Rapid7 recommends updating to version 8.3.8 and re-imaging affected endpoints …

JAVS courtroom recording software backdoored in supply chain attack

May 23, 2024 at 05:21PM Attackers have backdoored the widely used Justice AV Solutions (JAVS) software, used in courtroom video recording, with malware. JAVS removed the compromised version from its website and conducted a full audit. Cybersecurity company Rapid7 traced the incident and advised reimaging potentially compromised JAVS endpoints and upgrading to the latest safe …

Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack

May 23, 2024 at 05:07PM The RustDoor installer, delivered in a supply chain cyberattack via Justice AV’s corrupted Viewer v8.3.7, allows adversaries to take over infected systems. It initially targeted macOS machines in 2023 and later spread to Windows as GateDoor. Customers are advised to re-image affected endpoints and reset credentials, as the threat actors’ C2 …