LINK As of this moment someone is actively attacking Zyxel firewalls and VPNs, flooding them with login attempts. It is unknown at this time whether these attempts are using any specific type of attack. Make sure all management ports on the external side of the devices are disabled.
Month: June 2021
Disconnect or Don't connect your WD My Book Live NAS from the net
LINK I have been watching this evolve a little yesterday and posted it today. Looks like there is an RCE that allows anyone online to force a complete FACTORY RESET, causing all data on it to be lost. Disconnect it now.
Breach Announcements – June 24, 2021
French Connection (fashion firm also known as FCUK) – ransomware
Above is a list of Companies I have information for that have confirmed some sort of Breach (it's obviously not complete since most never report anything, just what I hear about)
Note: This is going to be a new type of post – will only happen […]
Atlassian online Domains (not on-prem) patched to prevent account takeover
LINK The cloud portion of Atlassian had some domains where account takeovers were possible. This does not affect On-Prem products. The issue was already fixed; this is more of a notification.
BIOSConnect feature in Dell PC/Tablets affected by many bugs
LINK The BIOSConnect feature within Dell Client BIOS could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.
Carbon Black App Control gets Critical Vulnerability Update
LINK If you have Carbon Black App Control, then you need to investigate this update immediately.
Breach Announcements – June 23, 2021
Wolfe Eye Clinic (Iowa) – ransomware
Grupo Fleury (Brazilian Medical Diagnostic Company) – ransomware
Above is a list of Companies I have information for that have confirmed some sort of Breach (it's obviously not complete since most never report anything, just what I hear about)
Note: This is going to be a new type of […]
Using the Risk Management Process to Effect Change
Over the many years I have been in IT and Security, one item repeatedly comes up. How can a Security Organization effect change when the operations and “regular people” are unwilling to make changes? It is a maddening problem. You know these issues need to be resolved, but the “regular people”, the owners, the customers […]
SonicWall fixes bad patch for Critical VPN vulnerability from October
LINK SonicWall originally patched the stack-based buffer overflow vulnerability in the SonicWall Network Security Appliance (NSA), tracked as CVE-2020-5135, back in October. This week they released a new patch that actually completes the insufficient fix from October.
VMware patches Privilege Escalation Vulnerability
LINK A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges.