LINK The government agencies have put out a scanner jointly. Might be useful if you do not have a full fledged vulnerability scanner already.
LINK The MyPRO line are the ones affected and the link above shows the information from the reasearcher
LINK Great information to keep up on.
LINK Apache Log4J has been getting significant of attention in the last 2-3 weeks. Don’t forget the perennial favorite, http server. It needs your attention now as well.
LINK If you need a little help getting up to speed, this may help.
LINK The December Windows patches included fixes for the vulnerabilities. Its advised that these are patched immediately if they have not been rolled out yet.
LINK Above is the latest vulnerability list from CISA
Virginia Museum of Fine Arts – unspecified attack Finite Recruitment – unspecified attack Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of post […]
LINK A Server Side Request Forgery (SSRF) vulnerability in VMware Workspace ONE UEM console was privately reported to VMware. Patches and workarounds are available to address this vulnerability in affected VMware products. The issue has been mitigated for VMware-hosted Workspace ONE consoles. Advisory ID: VMSA-2021-0029 CVSSv3 Range: 9.1 Issue Date: 2021-12-16 Updated On: 2021-12-16 (Initial Advisory) […]
LINK to the CSV file CVE Number CVE Title Remediation Due Date CVE-2021-43890 Microsoft Windows AppX Installer Spoofing Vulnerability 12/29/2021 CVE-2021-4102 Google Chromium V8 Engine Use-After-Free Vulnerability 12/29/2021