MSSPalert has some good content that I wanted to Share for those that are needing Log4j info. Log4j Timeline of Events, Attacks, Advice Patches – LINK Log4j Scanners and Threat Hunters – LINK
LINK There are so many fixes here, I suggest ANYONE that has anything Oracle, go to the above link to see if they are vulnerable to something.
LINK Zoho’s ManageEngine product seems to always be under attack. They just released a new CRITICAL update. Please update your installation.
https://securityaffairs.co/wordpress/126856/hacking/windows-out-of-band-emergency-fixes.htmlLINK January’s patching had some issues, this is supposed to fix those problems.
LINK If you have anything from Ivanti, check the link above to see what might be vulnerable.
LINK Time for CISA’s weekly Vulnerability Update.
LINK Citrix has an update that should be addressed. Not a CRITICAL one, but still important to address.
LINK If you have Juniper, its time to goto the link above, look at the security updates and pursue performing updates. 34 updates have been posted in the last day or two.
LINK 9 new Vulnerabilities found and 1 of them is Critical in the Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager
LINK Pay close attention to CVE-2022-21907, as HTTP Protocol Stack remote code execution (RCE) flaw that an attacker could exploit by sending a specially crafted packet to a target server using the HTTP Protocol Stack (http.sys) to process packets. Microsoft says the vulnerability is wormable.