LINK The government agencies have put out a scanner jointly. Might be useful if you do not have a full fledged vulnerability scanner already.
Month: December 2021
Several Critical Vulnerabilities Found in Czech Industrial Company, mySCADA devices
LINK The MyPRO line are the ones affected and the link above shows the information from the reasearcher
CISA releases good Information pertaining to the Log4Shell and other Log4J vulnerabilities
LINK Great information to keep up on.
Apache http Server Affected by 2 Critical Vulnerabilities
LINK Apache Log4J has been getting significant of attention in the last 2-3 weeks. Don’t forget the perennial favorite, http server. It needs your attention now as well.
Crowdstrike Produces a Log4J Quick Reference Guide to help
LINK If you need a little help getting up to speed, this may help.
PoC of Two Active Directory Bugs Online
LINK The December Windows patches included fixes for the vulnerabilities. Its advised that these are patched immediately if they have not been rolled out yet.
Vulnerability Summary for the Week of December 13, 2021
LINK Above is the latest vulnerability list from CISA
Breach Announcements – December 17, 2021
Virginia Museum of Fine Arts – unspecified attack Finite Recruitment – unspecified attack Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of post […]
VMware announces another Critical Vulnerability
LINK A Server Side Request Forgery (SSRF) vulnerability in VMware Workspace ONE UEM console was privately reported to VMware. Patches and workarounds are available to address this vulnerability in affected VMware products. The issue has been mitigated for VMware-hosted Workspace ONE consoles. Advisory ID: VMSA-2021-0029 CVSSv3 Range: 9.1 Issue Date: 2021-12-16 Updated On: 2021-12-16 (Initial Advisory) […]
Two Vulnerabilities Added to the CISA Catalog
LINK to the CSV file CVE Number CVE Title Remediation Due Date CVE-2021-43890 Microsoft Windows AppX Installer Spoofing Vulnerability 12/29/2021 CVE-2021-4102 Google Chromium V8 Engine Use-After-Free Vulnerability 12/29/2021