Patch It Now! Vulnerable VMware vCenter servers are being hunted online and exploited, per ZDNet. Over 6700 are exposed online and vulnerable to attacks that can take over entire company networks. A Chinese researcher published their PoC for CVE-2021-21972 here.
Got Cisco? Get Patching! Per Threatpost, Cisco has fixed a critical flaw that could allow a remote attacker to bypass authentication. This affects Cisco’s ACI Multi-Site Orchestrator, used as business management software. But wait, there’s more! A critical flaw in their Application Services Engine could allow unauthenticated remote attackers to gain privileged access to host-level operations. And they have patched another critical flaw in their Nexus series 3000 and 9000 switches, NX-OS, which could grant root-level privilege. I worry about these things …
The Data Behemoth: Concerns over Amazon and security lapses per Politico
After years of massive breaches – governments, Equifax, Yahoo and so many more – our data is out there, including usernames and passwords, social insurance numbers, payment data. Unfortunately, the ocean of data keeps rising, cloud is where everything is moving to, and security misconfigurations have been keeping pace, with data spillage in the millions of records.
The pandemic has been a boom for online ordering, which means payment card data is more at risk than ever. The article raises concerns about Amazon’s history of somewhat lax security practices, but anyone handling our data merits our concern – Amazon just has a lot more data to worry about. The onus rests with us to be vigilant and monitor where our data is, because if we have to trust someone else with it, we need to verify what happened to it.