<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

Security Advisory VMSA-2021-0002

VMware ESXi and vCenter Server updates address multiple security vulnerabilities.

Security Advisory Vulnerability CVE-2021-22986

Datashield recommends patching any BIG-IP servers due to the recently released series of vulnerabilities, CVE-2021-22986 in particular, a pre-auth RCE in the iControl REST interface. An unauthenticated attacker can compromise the server and obtain access into the network. If your team is unable to patch these servers immediately, we recommend following the mitigation steps outlined in the notice sent out by F5, which is below as well.

Security Advisory Vulnerability CVE-2021-26855

Datashield recommends patching any Microsoft Exchange servers due to the recently released series of vulnerabilities, CVE-2021-26855 in particular, and the evidence of this exploit being utilized in the wild. An unauthenticated attacker can compromise the server and obtain access into the network. There is no current mitigation besides patching the affected Exchange servers. Datashield has deployed some initial detections for this CVE, but is still evaluating and creating new detections as we gather more information.

Mimecast Breach Bulletin: Vulnerability 01-26-21

On January 26th, 2020, Mimecast released an updated statement about the compromise first published on January 12th 2020.

Security Advisory - SolarWinds Orion "Sunburst" Supply Chain Attack

On December 13th, 2020, SolarWinds released a statement along with FireEye about a current and ongoing supply chain compromise surrounding the SolarWinds Orion products. This impacts SolarWinds Orion software versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. SolarWinds has pushed out a hotfix that will resolve the affected product.

Detecting and Preventing UNC1878

Recently, The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA) released an alert that warned that the healthcare industry was being targeted by hackers.

Vulnerability CVE-2020-16898

Microsoft announced a critical vulnerability as part of their Patch Tuesday on 10/12/2020. CVE-2020-16898, dubbed "Bad Neighbor", is a remote code execution (RCE) that occurs when the Windows TCP/IP stack incorrectly handles ICMPv6 Router Advertisement packets with an even length field.

Vulnerability CVE-2020-1472

Datashield recommends patching any Microsoft Windows domain controllers due to the recently released vulnerability, CVE-2020-1472, and subsequent release of publicly available proof of concepts (POC’s). An unauthenticated attacker with access to the network and a route to a domain controller, will allow attackers to compromise it and obtain domain admin privileges in the network. There is no current mitigation besides patching the affected domain controllers.

Vulnerability CVE-2020-1350

Microsoft released a security bulletin today detailing a RCE in all known Windows DNS Servers, with a base CVSS score of 10.0.

Vulnerability CVE-2020-5902

Datashield is aware of a recent vulnerability [CVE-2020-5902] and it has been published for the following F5 products: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)

    Related Posts