Rackspace Technology is aware that Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is critical that you take immediate action as noted below to help protect your MOVEit Transfer environment. More information on the issue, affected versions, recommended remediation steps, additional security best practices and indicators of compromise, is available here: https://community.
Rackspace Technology is aware that Oracle recently published the following security vulnerabilities impacting Oracle’s GoldenGate, Fusion Middleware, Hyperion, and other products. One Oracle vulnerability addressed is CVE-2022-22965, otherwise known as the Spring4Shell vulnerability. Spring4Shell is a zero-day vulnerability that was first observed being exploited in April 2022, which allows threat actors to remotely execute code on Java Spring Framework web applications. CVE-2022-23457 CVE-2022-45047 CVE-2022-22965 CVE-2022-37434 CVE-2022-33980 CVE-2022-29599 CVE-2022-27404 You can find more about these vulnerabilities via the Oracle Critical Patch Update Advisory: https://www.
Rackspace Technology is aware that Microsoft recently published security vulnerabilities impacting Windows Operating Systems and other products. Microsoft issued patches for one actively exploited zero-day vulnerability (CVE-2023-28252) and 97 flaws, of which 7 are classified as critical. A full list of April 2023 Microsoft Patch Tuesday Security Advisories is available here: https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr) Rackspace engineers have performed an initial assessment and strongly recommend that customers review the advisories and ensure appropriate patches are installed.
Rackspace Technology is aware of an update to the previously published OpenSLP security vulnerability (CVE-2021-21974) impacting VMware ESXi. Our partner VMware published an article available here: https://blogs.vmware.com/security/2023/02/83330.html. When the vulnerability was first announced in February 2021, Rackspace engineers performed the initial assessment and notified affected customers if further action was needed. Rackspace standard VMware environments are designed with an architecture that prevents public access to VMware vCenters and Hypervisors – this design decreases the risk of exploitation of this vulnerability.
Rackspace Technology is aware of recently published security vulnerabilities impacting the Microsoft Windows Operating Systems. On February 14, 2023 Microsoft issued patches for 80 vulnerabilities, of which 9 are critical and 3 are actively exploited as 0-days. Rackspace engineers have performed an initial assessment and are advising customers to ensure February 2023 Windows Patches are installed as there are not any known software mitigations or workarounds for these vulnerabilities. Rackspace customers using our Managed Patching Service will be patched during normal patching cycles.
Rackspace Technology is aware of recently published security vulnerabilities impacting F5 BIG-IP devices on code versions 13+. Our partner F5 published an article on February 2023, available here: https://my.f5.com/manage/s/article/K000130496.
Rackspace Technology is aware of a published security vulnerability (CVE-2023-20076) impacting Cisco IOx. Our partner Cisco published an article, available here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL. In the article, Cisco confirmed that this issue exists, but no platforms support the affected compression algorithm because the code was put there for future application packaging support. This means that there is no immediate way to exploit this issue. Cisco has resolved this issue in the event that a future platform does support the compression algorithm.
Any Company/Organization planning to move to cloud or looking to deploy a greenfield workload, will require a well architected landing zone with the right security posture.
If we are planning to use Rest Services provided by Integrated SOA Gateway (ISG), the first step is to ensure that our EBS instance is configured to use it. The prerequisite is that we should know the E-Business Suite concepts, patching and backend components.
Security has always been a pressing concern even for the most seasoned DBA. Regardless of versions and editions, SQL databases are under constant threat as they hold sensitive data, and that is what the malicious hackers want to access.