Information from Thursday afternoon to Friday morning.
News/Intelligence/IOCs Stories
Spring4Shell Vulnerability Exploited by Mirai Botnet – LINK
Top Five Security Vulnerabilities: Penetration Testing and Cobalt Research Findings – LINK
Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises – LINK
SharkBot Android Malware Continues Popping Up on Google Play – LINK
New […]
Category: Attack
Updates as of 3/31/2022
I have added a new section called Government/Regulation/Russia/Ukraine War related stories. These will mostly be stories relating to the legal/law side of government, as well as those specifically around the Russian/Ukrainian War.
News/Intelligence/IOCs Stories
FBI Releases PIN on Phishing Campaign against U.S. Election Officials – LINK
VMware Horizon platform pummeled by Log4j-fueled […]
Malware Analysis – MuddyWater
LINK IOC data has been released for it; take a look and integrate it into your production detection tooling.
CISA creates Apache Log4j Vulnerability Guidance webpage
LINK CISA created this page to show updates and suggestions on actions as well.
Active Attack: Zero-Day in Log4j Java library
LINK All versions of Apache Log4j are affected. Attacks are already occurring. Update anything that uses Log4j now.
Active Attack: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
LINK This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus, IT help desk software with asset management.
Active Attack: Malware Authors Already Targeting Windows LPE Zero-Day
LINK CVE-2021-41379 is out there and active. No update yet from Microsoft.
Exploit released for Microsoft Exchange RCE bug, patch now
LINK The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday.
Active Attack: Iranian Groups Increasingly Attacking Service Providers
LINK Note if you are a Service Provider, you are part of the Supply Chain to the many companies that you support.
Active Attack: FBI warns of 0-day to FatPipe WARP, MPVPN, and IPVPN Software being
LINK FatPipe released a patch and security advisory, FPSA006, on November 16, 2021, that fixes the vulnerability. All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 are vulnerable. The security advisory and additional details are available at the following URL: https://fatpipeinc.com/support/cve-list.php.