You all know by now about the #log4j CVE-2021-44228 that affects lots of Java applications, right?.No? Well that extra sleep must be nice!.We've published a vulnerability note with details: We link to PowerShell and Python3 scanners to find jar files too.

We have been communicating our findings to and collaborating with Pulse Secure. They have published more details about the Integrity Checker Tool (ICT) here: .

Since the Pulse Connect Secure ICT has been public since March, it would be wise to assume that attackers have worked around it by now. Yes, run the ICT if you haven't already by now. No, a clean ICT report doesn't necessarily mean you're fine.

It is important to realize that the Pulse Secure Integrity Checker Tool (ICT) and the PCS factory reset functionality can both be subverted by an attacker on a compromised PCS device. If we can do this, assume that attackers can do this as well. 🤔

If you have a Pulse Connect Secure system and did not immediately apply the instantaneous XML workaround published on April 20, assume compromise until you can prove otherwise. Run the PCS Integrity Assurance package as soon as possible (requires reboot).

RT @cglyer: This is not a drill - patch your Exchange Servers ASAP. We're seeing active exploitation by #HAFNIUM.

We've published vulnerability note VU#490028 about Zerologon / CVE-2020-1472. Windows Domain controllers without the August update from Microsoft are vulnerable to complete domain takeover by an unauthenticated attacker. Samba DCs < 4.8 affected by default.

Citrix vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. Impacts include system compromise by an unauthenticated user on the management network.

RT @CNMF_CyberAlert: Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely….

Microsoft has released ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Windows Adobe Type Manager Type 1 font parsing. There are almost as many workarounds provided as there are attack vectors!.

Microsoft has released updates for this issue:.

Disable SMB compression and block SMB both inbound AND outbound to help prevent exploitation of an unpatched "wormable" vulnerability in Microsoft Windows SMBv3. ADV200005 CVE-2020-0796 VU#872016.

VU#338824.Microsoft Internet Explorer is being actively exploited in the wild using a new unpatched vulnerability in the Scripting Engine. Disable access to JScript.dll as a workaround.

If you use "Disable all macros without notification" in Microsoft Office for Mac, you may be in for an unpleasant surprise. XLM macros in SYLK (.SLK) content will run without any prompting. This allows for arbitrary code execution without any clicks.

Any device that has a software stack associated with it may become unsafe when it has outlived its support life span. It's Time to Retire Your Unsupported Things.

RT @CVEannounce: CVE Celebrates 20 Years!.. #cve #cveentries #cveids #cna #vulnerabilities #cybersecurity.

It's important to note that these updates are NOT currently being deployed via Windows Update or Microsoft Update. Despite being actively exploited in the wild, manual actions must be taken to receive the fixes.

Exim has released fixes for CVE-2019-15846, an issue where a local or remote attacker can execute programs with root privileges. This affects versions up to and including 4.92.1. The patches were released today in version 4.92.2 and can be found at

A user with the ability to run code (php, cgi, etc.) in the context of Apache can escalate privileges to root. CVE-2019-0211.Apply updates to get the fix.

And just to be clear, this new Exchange vulnerability is CVE-2019-0686. If you have read any guidance that this new exchange vulnerability is CVE-2018-8581, or have taken actions assuming that the mitigations for CVE-2018-8581 will protect you, you may get an unpleasant surprise.