Datashield Security Advisory:

Datashield Security Advisory:

VMware ESXi and vCenter Server updates address multiple security vulnerabilities.

Datashield recommends patching any BIG-IP servers due to the recently released series of vulnerabilities, CVE-2021-22986 in particular, a pre-auth RCE in the iControl REST interface. An unauthenticated attacker can compromise the server and obtain access into the network. If your team is unable to patch these servers immediately, we recommend following the mitigation steps outlined in the notice sent out by F5, which is below as well.

Datashield recommends patching any Microsoft Exchange servers due to the recently released series of vulnerabilities, CVE-2021-26855 in particular, and the evidence of this exploit being utilized in the wild. An unauthenticated attacker can compromise the server and obtain access into the network. There is no current mitigation besides patching the affected Exchange servers. Datashield has deployed some initial detections for this CVE, but is still evaluating and creating new detections as we gather more information.

Scottsdale, Ariz. -- Datashield is proud to announce its membership with the Financial Services Information Sharing and Analysis Center (FS-ISAC). This partnership further emphasizes Datashield’s commitment to our clients in the financial sector.

In light of the recent SolarWinds Orion “SUNBURST” Supply Chain attack, there is a strong use case for deploying Google Chronicle to protect your network and organization against a similar attack.

Managed Detection and Response (MDR) service providers refer to companies that offer turnkey threat detection and response tools to end-users or security teams through security operations center technologies. MDR services protect cloud-based infrastructure, IT networks, cyber-physical systems, apps, devices, and on-premise assets. The managed security service providers offer round-the-clock monitoring to ensure security incidents can be detected in real-time and mitigated quickly.