7x Second Security [18-April-2022]
Using Microsoft Products?
Do this: Patch and update immediately.
Why: "Microsoft has addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler."
Additional Info: https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html/
Using NGINX's LDAP Reference Implementation?
Do this: Update applicable configuration parameters.
Why: An attacker could potentially override the configuration parameters or bypass group membership requirements to force LDAP authentication.
Additional Info: https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html
Using ICS and SCADA devices?
Do this: Implement proactive mitigation measures. Isolate ICS and SCADA systems from the IT and OT networks. Limit access to specific managerial and engineering workstations, and monitor systems for unusual activities.
Why: Recently the DOE, CISA, NSA, and FBI have released a joint advisory to warn about the increase in cyberattacks on ICS and SCADA devices and the tools utilized to carry out said attacks.
Additional Info: https://cyware.com/news/cisa-issues-warning-about-malicious-tools-targeting-icsscada-devices-c65548f1