Information from Thursday afternoon to Friday morning. News/Intelligence/IOCs Stories Spring4Shell Vulnerability Exploited by Mirai Botnet – LINK Top Five Security Vulnerabilities: Penetration Testing and Cobalt Research Findings – LINK Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises – LINK SharkBot Android Malware Continues Popping Up on Google Play – LINK New […]
I have added a new section that is called Government/Regulation/Russia/Ukraine War related stories. These will be more those relating to the legal/law side of government stories, as well as those specifically around the Russian/Ukrainian War. News/Intelligence/IOCs Stories FBI Releases PIN on Phishing Campaign against U.S. Election Officials – LINK VMware Horizon platform pummeled by Log4j-fueled […]
LINK IOC data has been released for it, take a look and integrate it into your productions.
LINK CISA created this page to show updates and suggestions on actions as well.
LINK All versions of Apache are affected. Attacks are already occurring. Update anything Apache now.
LINK his joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus—IT help desk software with asset management.
LINK CVE-2021-41379 is out there and active. No update yet from Microsoft.
LINK The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday.
LINK Note if you are a Service Provider, you are part of the Supply Chain to the many companies that you support.
LINK FatPipe released a patch and security advisory, FPSA006, on November 16, 2021, that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 are vulnerable. The security advisory and additional details are available at the following URL: https://fatpipeinc.com/support/cve-list.php.