Apr 20, 2022
Oracle Releases April 2022 Critical Patch Update
Per CISA- Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Apr 13, 2022
FBI disinfects devices with Cyclops Blink
In early April, the FBI remotely accessed and disinfected US located devices infected with a new botnet malware attributed to the Russian State hacking outfit, Sandworm. The infected devices were primarily firewall devices from WatchGuard and Asus.
Apr 13, 2022
VMware POC Exploit
A POC exploit for VMware has been released taking advantage of an existing RCE vulnerability (CVE 2022-22954 ) currently being used to infect the servers of coin miners. At least one working exploit has been released on Twitter.
Mar 30, 2022
A critical security vulnerability has appeared in the Spring Cloud function which could allow for RCE (remote code execution). As with Log4Shell, the newly dubbed Spring4Shell is another collection of Java Vulnerabilities.
Mar 14, 2022
Veeam Backup & Replication Issue
Veeam has released patches for two critical issues impacting Backup and Replication which provides backup and restore capabilities for virtual environments running on Hyper-V, vSphere, and Nutanix AHV, as well as for servers and workstations, and for cloud-based workloads.
Feb 28, 2022
A Lua-based malware/phishing campaign (likely nation-state sponsored), which utilizes compromised Ukrainian armed service member’s email accounts to target European Union government personnel that are involved in managing the logistics of refugees fleeing Ukraine has emerged.