Skip navigation

Monthly Archives: February 2022

As the Russia/Ukraine matter escalates, is your organization prepared? CISA offers Shields Up guidance

https://www.cisa.gov/shields-up

WordPress backup/cloning pluggin creator Updraft warns that update is needed.

WordPress backup plugin maker Updraft says “You should update”…
UpdraftPlus security release – 1.22.3 / 2.22.3 – please upgrade

Cisco Talos advises on vulnerabilities in Accusoft ImageGear; one with an RCE. No patches (yet)

https://blog.talosintelligence.com/2022/02/vuln-spotlight-accusoft-code.html

Social engineering about Russia/Ukraine… you know it’s coming

Cybercriminals Have yet to Exploit Russia-Ukraine Tensions

Sentinel Labs is tracking active exploitations of Log4j against VMware Horizon from the middle east

https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/

NSA releases Best Practice recommendations for Cisco Password Types

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2938313/nsa-publishes-best-practices-for-selecting-cisco-password-types/

Vulnerability in Cisco Secure Email appliances allow for crash, if DANE feature is enabled. Patch available

https://www.bleepingcomputer.com/news/security/cisco-bug-can-let-hackers-crash-cisco-secure-email-gateways/

DoS attacks have been happening in Ukraine. Are you paying attention?

Ukrainian DDoS Attacks Should Put US on Notice–Researchers

If true, this is depressing. I really like(d) Newegg

https://www.windowscentral.com/pc-parts-vendor-newegg-has-bit-scandal-its-hands

NewEgg’s response: https://www.windowscentral.com/pc-parts-vendor-newegg-has-bit-scandal-its-hands#newegg

CISA warns about vulnerabilities in SAP applications that have been addressed by patches. Patch now; especially ones using Internet Connection Manager

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

CISA notice: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing