I'm #hiring a vulnerability research manager in #Dublin, IE to manage zero-day research and coordinated vuln disclosure and to manage a small team of exceptionally skilled and kind folks. Hybrid role for now, Reading UK and Prague CZ also possible in addition to Dublin! https://careers.rapid7.com/jobs/manager-vulnerability-research-dublin-ireland
Notices by Caitlin Condon (catc0n@infosec.exchange)
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Tuesday, 07-Jan-2025 23:52:42 JST 
Caitlin Condon
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Tuesday, 24-Dec-2024 04:47:50 JST
Caitlin Condon
Pre-Christmas 0day just dropped, video PoC here: https://m.youtube.com/watch?v=E8gmARGvPlI
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Thursday, 19-Dec-2024 05:47:42 JST
Caitlin Condon
Almost exactly a year ago, Rapid7 put out a technical analysis of Apache #Struts 2 CVE-2023-50164 that said:
* Exploit payloads were going to need to be customized to the target
* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box
* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.
https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis
Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!
https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Monday, 16-Dec-2024 23:57:30 JST
Caitlin Condon
Full Rapid7 analysis of #Cleo CVE-2024-55956 now available c/o @stephenfewer. It's neither a patch bypass of CVE-2024-50623 nor part of a chain after all — totally new bug, different exploitation strategies across the two issues (though the same endpoint gets used either way).
I'm not sure it's been mentioned much yet that Cleo evidently released IOCs related to CVE-2024-50623 in October 2024, implying the older bug's been exploited for a minute. Would sure be helpful to know more about who was doing that exploiting, particularly now that Cl0p has claimed credit for last week's attack.
https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Friday, 15-Nov-2024 22:24:30 JST
Caitlin Condon
Unpatched 0day in an enterprise firewall management interface? Must be Friday :batman: https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/
-
Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Monday, 22-Jan-2024 02:28:44 JST
Caitlin Condon
This is exceptional: https://ciaranmartin.substack.com/p/on-the-matter-of-the-british-library
All GNU social JP content and data are available under the