LINK OMIGOD (CVE-2021-38647) is a vulnerability in Azure-deployed virtual machines running Linux. Make sure to update if you have Azure Linux machines. Many of the scans are coming in on ports 5986 and 1270.
LINK To make it easy, I pulled it and created a simple txt list you can use. These are some of the initial access methods.
Pulse Secure VPN: CVE-2021-22893, CVE-2020-8260, CVE-2020-8243, CVE-2019-11539, CVE-2019-11510
Citrix: CVE-2020-8196, CVE-2020-8195, CVE-2019-19781, CVE-2019-11634
Microsoft Exchange: CVE-2021-34523, CVE-2021-34473, CVE-2021-31207, CVE-2021-26855
Fortinet: CVE-2020-12812, CVE-2019-5591, CVE-2018-13379
SonicWall: CVE-2021-20016, CVE-2020-5135, CVE-2019-7481
F5: CVE-2021-22986, CVE-2020-5902
Palo Alto: CVE-2020-2021, CVE-2019-1579
QNAP: CVE-2021-28799, CVE-2020-36198
Sophos: CVE-2020-12271
SharePoint: CVE-2019-0604
Microsoft Windows: CVE-2019-0708, CVE-2020-1472, CVE-2021-31166, CVE-2021-36942
Microsoft Office: CVE-2017-0199, CVE-2017-11882, CVE-2021-40444
vCenter: CVE-2021-21985
Accellion: CVE-2021-27101, CVE-2021-27104, CVE-2021-27102, CVE-2021-27103
FileZen: CVE-2021-20655
Atlassian: CVE-2021-26084
Zoho Corp: CVE-2021-40539
Microsoft Azure: CVE-2021-38647
LINK The ADSelfService Plus package was found to have a critical RCE vulnerability on the 6th and is now being utilized by attackers. If you have ADSelfService Plus, patch immediately.
LINK Numerous SonicWall firewalls are being targeted. Read the link above immediately if you use SonicWall.
LINK Essentially, they are saying the patch was released as it was meant to be installed, but additional actions are required for registry changes that set Point and Print to an insecure configuration. In ALL cases, apply the CVE-2021-34527 security update. The update will not change existing registry settings. After applying the security update, review the registry settings […]
LINK CISA released details on a low-complexity, highly dangerous vulnerability in Philips Vue PACS products.
LINK CISA released more info if you are an MSP and use Kaseya. Go to the link and read it carefully.
LINK CISA posted about Kaseya telling everyone using their VSA service that they need to turn it OFF while they are investigating what rumors say is an internal supply-chain attack from Kaseya into select MSPs. It looks to be pushing out REvil ransomware.
LINK Just a bit of an update – It was being reported previously that the WD My Book hard drives that were connected online were being wiped and reset by an older vulnerability. That looks NOT to be the case; it looks like a new zero-day.
LINK CVE-2020-3580 was posted in October, but a new PoC was posted and now there are active, widespread attacks occurring against these devices. Time to re-validate it's done.