Rapid Response Status Page
All Systems Operational
Rapid Response Operational
93.7 % uptime over the past 90 days
Past Incidents
Dec 18, 2024

No incidents reported today.

Dec 17, 2024

No incidents reported.

Dec 16, 2024
Resolved - Dear Customers,

Following our recent update regarding the Cleo vulnerability, we would like to inform you that our team is still actively researching this issue.

We have published two new hunting queries for identifying PowerShell spawned from Cleo software and Java spawning suspicious PowerShell commands, both observed as possible post-exploitation activity of Cleo software.

These queries are available on Axon's GitHub:
- Shell execution under Cleo software:
  https://github.com/axon-git/rapid-response/blob/main/Cleo-CVE-2024-50623/proc_creation_cleo_exploitation.sql
- Java spawning suspicious PowerShell:
  https://github.com/axon-git/rapid-response/blob/main/Cleo-CVE-2024-50623/proc_creation_suspicious_powershell_from_javaw.sql

Axon reports have also been published for Team Axon customers, including the updated list of deliverables.

We continue to monitor the Cleo vulnerability and will provide further updates as necessary. Should you have any questions regarding the queries or any other concerns, please don't hesitate to reach out.

Sincerely,
Team Axon

Dec 16, 17:00 UTC
Investigating - Team AXON is aware of a publication about a critical RCE flaw related to Cleo, affecting Cleo servers.
This vulnerability, according to the publications, allows a remote unauthenticated attacker to import and execute bash or PowerShell commands by exploiting the default Autorun folder settings.

Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.24) to address additional discovered potential attack vectors of the vulnerability. Customers who cannot immediately upgrade are advised to disable the Autorun feature by going into the System Options and clearing out the Autorun directory.

The vulnerability is still under Team AXON's evaluation. Our team will provide updates, including potential deliverables, after deeply analyzing and assessing the vulnerability. In case of identification of impacted customers, they will be notified directly.

For further assistance, please don't hesitate to contact us.

Sincerely,
Team AXON

Dec 16, 07:20 UTC
Dec 15, 2024

No incidents reported.

Dec 14, 2024

No incidents reported.

Dec 13, 2024

No incidents reported.

Dec 12, 2024

No incidents reported.

Dec 11, 2024

No incidents reported.

Dec 10, 2024

No incidents reported.

Dec 9, 2024

No incidents reported.

Dec 8, 2024

No incidents reported.

Dec 7, 2024

No incidents reported.

Dec 6, 2024

No incidents reported.

Dec 5, 2024

No incidents reported.

Dec 4, 2024
Resolved - Dear customers,

Following our latest update, we continued with the threat-focused hunting efforts, looking for indicators of compromise.

Relevant hits that require your attention will be mentioned in the AXON report.

Sincerely,
Team AXON

Dec 4, 14:06 UTC
Investigating - Team AXON is aware of a supply chain attack that was detected in Solana's web3.js library. Compromised versions contained malicious code that was used to steal private keys from users, potentially allowing attackers to drain cryptocurrency wallets.

- The affected versions of the library are 1.95.6 and 1.95.7
- The vulnerability was already addressed by Solana and a safe and updated version of the library was released.
- In addition, npm removed the affected versions so their download is no longer possible.
- The attack appears to only affect projects that updated the library within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 2, 2024.

If this library is used in your organization we recommend verifying that these compromised versions are not in use.

The team is actively searching for evidence of exploitation of this vulnerability in our customers’ environments. In case of identification of impacted customers, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely,
Team AXON

Dec 4, 09:15 UTC
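
One way to carry out the check recommended in the web3.js notice above, shown as an added example that is not Team AXON's or Solana's code: it scans the text of an npm `package-lock.json` for pinned copies of the library at the two affected versions. The npm package name `@solana/web3.js` and the sample lockfile (including the dependency `wallet-kit`) are assumptions constructed for illustration.

```javascript
// Added example: flag the compromised web3.js releases in an npm lockfile.
const PACKAGE = "@solana/web3.js"; // assumed npm name of Solana's web3.js library
const BAD_VERSIONS = new Set(["1.95.6", "1.95.7"]); // versions named in the notice

// Returns [{ location, version }] for every pinned copy at an affected version.
function findCompromised(lockfileText) {
  const lock = JSON.parse(lockfileText);
  const hits = new Map(); // keyed by install path so v2 lockfiles are not double counted

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isTarget =
      path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`);
    if (isTarget && BAD_VERSIONS.has(entry.version)) hits.set(path, entry.version);
  }

  // lockfileVersion 1 (and the legacy section of v2): nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE && BAD_VERSIONS.has(entry.version)) hits.set(path, entry.version);
      walk(entry.dependencies, `${path}/`); // transitive copies nested under this package
    }
  };
  walk(lock.dependencies, "");

  return [...hits].map(([location, version]) => ({ location, version }));
}

// Constructed sample lockfile (not real project data): an unaffected top-level copy
// and an affected copy nested under the hypothetical dependency "wallet-kit".
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.5" },
    "node_modules/wallet-kit": { version: "2.0.0" },
    "node_modules/wallet-kit/node_modules/@solana/web3.js": { version: "1.95.7" },
  },
});

for (const hit of findCompromised(SAMPLE_LOCK)) {
  console.log(`AFFECTED ${PACKAGE}@${hit.version} at ${hit.location}`);
}
```

A clean result only covers what the lockfile currently pins; build caches, container images and artifacts produced during the window stated in the notice need the same version check.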