Rapid Response

February 20, 2024

Finding Microsoft Exchange Servers with runZero

As part of its updates released on February 13, 2024, Microsoft has disclosed a vulnerability in Microsoft Exchange that would allow attackers to authenticate to Microsoft Exchange servers using a captured NTLM hash (a so-called “pass-the-hash” vulnerability). …

February 20, 2024

Finding ScreenConnect installations with runZero

On February 19, 2024, ConnectWise disclosed two serious vulnerabilities in their ScreenConnect (formerly Control) remote-access product. The first vulnerability is an authentication bypass vulnerability. Successful exploitation of this vulnerability would allow attackers to …

February 8, 2024

Finding FortiOS devices with runZero

Today, February 8th, 2024, Fortinet disclosed a serious vulnerability in their FortiOS operating system, used by multiple Fortinet products. The issue, CVE-2024-21762, allows attackers to execute arbitrary code on vulnerable devices. The vendor has indicated that this is a …

February 8, 2024

Finding Ivanti Connect Secure and Policy Secure Gateways with runZero

Today, February 8th, 2024, Ivanti disclosed a serious vulnerability in the Ivanti Connect Secure and Ivanti Policy Secure products. The issue, CVE-2024-22024, allows attackers to bypass authentication on the affected device to reach restricted resources. This vulnerability …

February 6, 2024

Finding TeamCity On-Premises installations with runZero

On February 6th, 2024, JetBrains disclosed a serious vulnerability in the TeamCity On-Premises product. The issue, CVE-2024-23917, allows attackers who can access the TeamCity installation via HTTPS to bypass authentication mechanisms and gain administrative privileges on …

February 5, 2024

Finding AnyDesk Installations with runZero

On February 2, 2024, AnyDesk disclosed that they have been the victim of a cyber attack that has compromised production systems. This compromise led AnyDesk to revoke its current code signing certificate, as well as reset all passwords for various cloud services. The company …

January 23, 2024

Finding Fortra GoAnywhere MFT with runZero

On January 22nd, Fortra disclosed a serious vulnerability in its GoAnywhere Managed File Transfer (MFT) product. This issue, CVE-2024-0204, allows attackers to bypass authentication controls and create new administrative user accounts. Such accounts can then be used to …

January 12, 2024

Finding Juniper SRX and EX devices with runZero

Today, January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches. The issue, identified as CVE-2024-21591, allows remote attackers to create a denial-of-service (DoS) condition or to execute arbitrary code with root …

January 10, 2024

Finding Ivanti Connect Secure and Policy Secure Gateways with runZero

Today, January 10th, 2024, Ivanti disclosed two serious vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure products. The first issue, CVE-2023-46805, allows attackers to bypass authentication controls to access restricted resources without authentication. …

November 9, 2023

How to find SysAid Help Desk instances

On the evening of November 8th, Microsoft Threat Intelligence announced that they had discovered attacks by a ransomware gang against the SysAid Help Desk software using a zero-day exploit (CVE-2023-47246). These attacks leveraged a …
