Security News

The Cybersecurity and Infrastructure Security Agency has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. "Log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities," the cybersecurity agency explains.

With the end of the year rapidly approaching, IT professionals should put cyber security at the top of their New Year's resolutions. The reason why this is such a problem is because users very often use their work passwords on various websites to minimize the number of passwords that they must remember.

The US government's Cybersecurity and Infrastructure Security Agency on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021. "Since Log4Shell is a critical flaw with a huge attack surface and is very simple to exploit, threat actors are actively using it to launch their attacks even with a patch already released, said Felipe Tarijon, a malware analyst at AppGate Security, in an email to The Register."Several state-sponsored groups are exploiting the flaw in the wild and making modifications to the Log4j exploit.

CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information. Workspace ONE Unified Endpoint Management is a VMware solution for over-the-air remote management of desktops, mobile, rugged, wearables, and IoT devices.

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole. It's interesting this is coming to light as the US government's Cybersecurity and Infrastructure Security Agency tells all federal civilian agencies to take care of CVE-2021-44228 by December 24, 2021.

The Cybersecurity and Infrastructure Security Agency warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats. "In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks," the cybersecurity agency said [PDF].

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch systems against the critical Log4Shell vulnerability and released mitigation guidance in response to active exploitation. CISA has now created a dedicated page with technical details about the Apache Log4j logging library flaw and patching information for vendors and impacted organizations.

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed "Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.

Each agency has its own operational and technology teams that are not under the direct control of CISA - and that's where the CISA directives come in. A CISA directive is intended to compel tech teams at federal agencies to take certain actions that CISA deems necessary to ensure safe cybersecurity operations.

The Iranian APT has been exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021, according to the alert. In keeping with what CISA described on Wednesday, MSTIC has seen the Iran-linked Phosphorous group - aka a number of names, including Charming Kitten, TA453, APT35, Ajax Security Team, NewsBeef and Newscaster - globally target the Exchange and Fortinet flaws "With the intent of deploying ransomware on vulnerable networks."