Weekday Digest – 4/8/2022 (Friday)

Information from Thursday afternoon to Friday morning. News/Intelligence/IOCs Stories Spring4Shell Vulnerability Exploited by Mirai Botnet – LINK Top Five Security Vulnerabilities: Penetration Testing and Cobalt Research Findings – LINK Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises – LINK SharkBot Android Malware Continues Popping Up on Google Play – LINK New […]

Updates as of 3/31/2022

I have added a new section that is called Government/Regulation/Russia/Ukraine War related stories. These will be more those relating to the legal/law side of government stories, as well as those specifically around the Russian/Ukrainian War. News/Intelligence/IOCs Stories FBI Releases PIN on Phishing Campaign against U.S. Election Officials – LINK VMware Horizon platform pummeled by Log4j-fueled […]

Active Attack: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

LINK his joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus—IT help desk software with asset management.

Active Attack: FBI warns of 0-day to FatPipe WARP, MPVPN, and IPVPN Software being

LINK FatPipe released a patch and security advisory, FPSA006, on November 16, 2021, that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 are vulnerable. The security advisory and additional details are available at the following URL: https://fatpipeinc.com/support/cve-list.php.