Author: DEFENDEDGE
-
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Read more
-
Vulnerability Summary for the Week of December 13, 2021
Original release date: December 21, 2021. High Vulnerabilities (table columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). abb — omnicore_c30_firmware: A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected… Read more
-
Conti Ransomware Gang Has Full Log4Shell Attack Chain
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. Read more
-
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. Read more
-
Facebook Bans Spy-for-Hire Firms for Targeting 50K People
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. Read more
-
Brand-New Log4Shell Attack Vector Threatens Local Hosts
The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities. Read more
-
CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities
Original release date: December 17, 2021. CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities, most notably CVE-2021-44228. Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage… Read more
-
NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures
Original release date: December 16, 2021. CISA has announced the joint National Security Agency (NSA) and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time integrity, and build time security to ensure that 5G cloud… Read more
-
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already been launched to exploit Log4Shell. Read more
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Original release date: December 15, 2021. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more