runZero Blog


January 12, 2024

Finding Juniper SRX and EX devices with runZero

Today, January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches. The issue, identified as CVE-2024-21591, allows remote attackers to create a denial-of-service (DoS) condition or to execute arbitrary code with root …

Read More

January 10, 2024

Finding Ivanti Connect Secure and Policy Secure Gateways with runZero

Today, January 10th, 2024, Ivanti disclosed two serious vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure products. The first issue, CVE-2023-46805, allows attackers to bypass authentication controls to access restricted resources without authentication. …

Read More

December 22, 2023

Navigating the Cybersecurity Soundscape: Our Top Podcast Picks of 2023

Here are our top eight cybersecurity podcast episodes for your holiday podcast playlist to kick back and listen to while you sip on some eggnog.

December 19, 2023

The Quest for Yeti

Meet the newest rockstar on our squad: Zeti, the runZero Yeti! 🎉 This sub-zero hero is now our official mascot, and we’re excited to give you the lowdown on how Zeti came to be. Why a Yeti, you ask? Keep reading to find out!

November 9, 2023

How to find SysAid Help Desk instances

How to find SysAid Help Desk instances # On the evening of November 8th Microsoft Threat Intelligence announced that they had discovered attacks by a ransomware gang against the SysAid Help Desk software using a zero-day exploit (CVE-2023-47246). These attacks leveraged a …

Read More

November 1, 2023

How to find Apache ActiveMQ instances

How to find Apache ActiveMQ® instances # On October 25th the Apache team announced a vulnerability (CVE-2023-46604) in ActiveMQ that could lead to unauthenticated remote code execution. Shortly after the issue was disclosed exploits started to appear and the Rapid7 MDR team …

Read More

October 30, 2023

Employee Spotlight: Carter Middleton

Carter Middleton is an indispensable Mid-Market Account Executive! Carter’s commitment to continuous learning and genuine interest in understanding the prospect’s business problem makes him an asset to our team and prospects alike.

October 30, 2023

Finding NGINX Ingress Controllers with runZero

Today, three vulnerabilities in the NGINX Ingress Controller for Kubernetes were disclosed, as described in this article from The Hacker News. These vulnerabilities have CVSS scores ranging from 7.6 to 8.8; all of these scores are considered high. These vulnerabilities have …

Read More

October 16, 2023

Finding Cisco IOS-XE devices with runZero

An actively exploited critical zero-day vulnerability has surfaced in the Cisco IOS-XE operating system, which is used on Cisco routers, switches, and other devices. Deemed “critical” in severity with a CVSS score of 10 out of 10, this vulnerability affects any device …

Read More

October 15, 2023

How to find Samba v4 instances

How to find Samba v4 instances # On October 10th, the Samba team announced an interesting vulnerability that could allow a remote attacker to connect to unix stream sockets on the Samba server. The issue occurs when a RPC service name is requested that contains a unix …

Read More

Subscribe and stay in the loop!

We won't share your email.

Unsubscribe at any time.