 
            
              CERT/CC
            
            @certcc
              Followers: 4K, Following: 2, Media: 4, Statuses: 103
              CERT Coordination Center at the Carnegie Mellon University Software Engineering Institute.
              
              Pittsburgh, PA, USA
            
            
              
              Joined March 2009
            
            
           You all know by now about the #log4j CVE-2021-44228 that affects lots of Java applications, right? No? Well that extra sleep must be nice! We've published a vulnerability note with details:  https://t.co/tMcFgcI0bL  We link to PowerShell and Python3 scanners to find jar files too. 
          
                
              
             We have been communicating our findings to and collaborating with Pulse Secure. They have published more details about the Integrity Checker Tool (ICT) here:  https://t.co/Pak8al6oVe 
          
          
                
              
             Since the Pulse Connect Secure ICT has been public since March, it would be wise to assume that attackers have worked around it by now. Yes, run the ICT if you haven't already by now. No, a clean ICT report doesn't necessarily mean you're fine. 
          
                
              
             It is important to realize that the Pulse Secure Integrity Checker Tool (ICT) and the PCS factory reset functionality can both be subverted by an attacker on a compromised PCS device. If we can do this, assume that attackers can do this as well. 🤔 
          
                
              
             If you have a Pulse Connect Secure system and did not immediately apply the instantaneous XML workaround published on April 20, assume compromise until you can prove otherwise. Run the PCS Integrity Assurance package as soon as possible (requires reboot).  https://t.co/J4vIdQm3TP 
          
          
                
              
             This is not a drill - patch your Exchange Servers ASAP. We're seeing active exploitation by #HAFNIUM
             https://t.co/6q7KdPlKxg 
          
          
                
              
             We've published vulnerability note VU#490028 about Zerologon / CVE-2020-1472. Windows Domain controllers without the August update from Microsoft are vulnerable to complete domain takeover by an unauthenticated attacker. Samba DCs < 4.8 affected by default  https://t.co/L5Mf91XmrH 
          
          
            
            kb.cert.org
              Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector
            
                
              
             Citrix vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. Impacts include system compromise by an unauthenticated user on the management network.  https://t.co/c7Ghne8Frv 
          
          
                
              
             Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks’ proactive response to this vulnerability. 
          
            
            security.paloaltonetworks.com
              When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS...
            
                
              
             Microsoft has released ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Windows Adobe Type Manager Type 1 font parsing. There are almost as many workarounds provided as there are attack vectors!  https://t.co/CNu5iV2Pc2 
          
          
            
            kb.cert.org
              Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
            
                
              
             Microsoft has released updates for this issue:  https://t.co/YJO9L8U0ME 
          
          
                
              
             Disable SMB compression and block SMB both inbound AND outbound to help prevent exploitation of an unpatched "wormable" vulnerability in Microsoft Windows SMBv3.  https://t.co/Q9Go1MdC6Y  ADV200005 CVE-2020-0796 VU#872016
          
          
            
            kb.cert.org
              Microsoft SMBv3 compression remote code execution vulnerability
            
                
              
             VU#338824 Microsoft Internet Explorer is being actively exploited in the wild using a new unpatched vulnerability in the Scripting Engine. Disable access to JScript.dll as a workaround.  https://t.co/IqrpfrHh89 
          
          
            
            kb.cert.org
              Microsoft Internet Explorer Scripting Engine memory corruption vulnerability
            
                
              
             If you use "Disable all macros without notification" in Microsoft Office for Mac, you may be in for an unpleasant surprise. XLM macros in SYLK (.SLK) content will run without any prompting. This allows for arbitrary code execution without any clicks.  https://t.co/AmkqAvOoy0 
          
          
            
            kb.cert.org
              Microsoft Office for Mac cannot properly disable XLM macros
            
                
              
             Any device that has a software stack associated with it may become unsafe when it has outlived its support life span. It's Time to Retire Your Unsupported Things  https://t.co/KhzZmqClXs 
          
          
                
              
             CVE Celebrates 20 Years!  https://t.co/gqCHCv6gR7! 
            #cve #cveentries #cveids #cna #vulnerabilities #cybersecurity
          
          
                
              
             It's important to note that these updates are NOT currently being deployed via Windows Update or Microsoft Update. Despite being actively exploited in the wild, manual actions must be taken to receive the fixes. 
           Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see  https://t.co/QMUM53m8so  and  https://t.co/vy3d0wXWng  . 
          
                
              
             Exim has released fixes for CVE-2019-15846, an issue where a local or remote attacker can execute programs with root privileges. This affects versions up to and including 4.92.1. The patches were released today in version 4.92.2 and can be found at 
          
                
              
             A user with the ability to run code (php, cgi, etc.) in the context of Apache can escalate privileges to root. CVE-2019-0211 Apply updates to get the fix.  https://t.co/ylm363fphJ 
             https://t.co/IZnrt4d2s2 
          
          
            
            cfreal.github.io
              Hacker. Maintainer of
            
                
              
             And just to be clear, this new Exchange vulnerability is CVE-2019-0686. If you have read any guidance that this new Exchange vulnerability is CVE-2018-8581, or have taken actions assuming that the mitigations for CVE-2018-8581 will protect you, you may get an unpleasant surprise. 
          
                
              
             
             
             
            