#Log4Shell has no easy fix or check, make sure you've taking a software inventory to identify hosts, checking vendor advisories daily (and for new ones), and patching immediately.
Vuln scanning should be a part of your plan, but not THE plan.
#btbalert
Another security update for Apache Log4j. Please update to version 2.16.0. CVE-2021-45056 has been discovered due to incomplete fixes to the Log4Shell issue. #btbalert https://t.co/5KduXbk8Ey
CISA makes a strong statement which aligns with the recommendations we’ve issued clients. If you have a WAF, yes there’s a nice capability - but patch whenever possible. #btbalert
https://t.co/wohxiwb3sQ
Popular Java library "log4shell" contains a now patched critical vulnerability, trivial RCE. MANY pieces of software use it.
The nature of updating libraries makes this tricky and less obvious for vulnerable software. Check vendors, patch ASAP. #btbalert https://t.co/31llhOGCMI
FBI... email server... compromised... well, not really, but it sure did look that way for a moment. TL:DR many organizations receiving SPAM messages from a valid FBI domain. See Krebs for full background (https://t.co/OmoDpxx9yx)
We've seen BTB clients get hit, lookout #btbalert
When USCYBERCOM issues an alert, it's one to pay attention to.
Original vuln write-up - https://t.co/TIv5D5OAZK
Vendor advisory (that will surely be changing) - https://t.co/2PXFXSObFN
Patch this, now, pretty please.
#btbalert
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.
Not a good month for Microsoft, trending towards worst ever? Latest is broken ACLs on sensitive SYSTEM files introduced in Win10 Build 1809. No patch yet, workarounds not pretty but worth considering. Cool name too #hivenightmare
https://t.co/yCccvTJP4D
#btbalert
For those following CVE-2021-1675, aka "PrintNightmare", some additional guidance from CISA... still silence from MS.
Random - I'm not sure my feels on the naming of vulns, I can't hate it, but I don't love it.
https://t.co/RW20QYZcDY
#btbalert
I feel like we were just here the other day... critical vulnerabilities, in Exchange, that you need to patch right now. Oh wait, we WERE just dealing with this.
Go forth and patch. Quickly. Please
https://t.co/TDI0DSwnAT
#btbalert
There's widespread reporting of the recent MS Exchange vulnerabilities being actively exploited in the wild. If you haven't yet, get those patches applied. While Exchange Online isn't impacted, plenty of orgs are still vulnerable.
https://t.co/xmqqwjwfKM
#btbalert#msexchange
@btb_alerts
Do you have VMWare? You should read this and patch vulnerable things... it's a quick way for bad people to do bad things in your nice network.
https://t.co/ndQoWfcWVN
#btbalert
@Q_e_w@sherrod_im MS08-067 wasn't as "clever" as some of the other mentions, but was devastating in its time... was EVERYWHERE for years and trivial to exploit with Metasploit.
It woke many an IT Admin up to the ease and speed of major vulns, to me, biggest impact.
Sudo "make me a sandwich" - now possible for all unprivileged users.
If you haven't seen it, serious vulnerability in 'sudo', going back 10 years. Patch/update now.
#baronsamedit#btbalert
https://t.co/jpEQDJTmcx
https://t.co/tdx0xQMVC0
So it's been, I dunno...FOREVER, since I've tweeted at all. But the new big, scary, seems-to-be-breaking-the-Internet vulnerability hit yesterday. It's CVE-2020-1350.
People, patch your stuff. Not in a month, not tomorrow, now.
https://t.co/X7mPB6VaTi
"Nobody knows how they got the USPS master key"
This somehow feels relevant to the encryption backdoor debate. I'm trying to put my finger on how, but I'm drawing a blank.
But what do I know? Create master encryption keys and everything will be fine...
@AnahiSantiago Austin didn’t seem much different to me than Philly, NY, Chicago, Denver, or any other major US city. Now if you can check out the Southern Congress (or “SoCo” to the locals), lots of great food and plenty walkable. Also Mt Bonnell is worth a trip, beautiful view