I swear this isn’t purely a security podcast, but…
HPE has disclosed a critical zero-day flaw in HPE Systems Insight Manager for Windows and Linux. Mitigation info for Windows has been provided, and at the time of this recording, a security update is not out.
I also want to highlight a story about package theft where the thieves are using Amazon jackets to pass as delivery drivers.
Why do we care?
I bring up the HPE exploit to observe that what happened to SolarWinds could and likely will happen to anyone. The key takeaway is about securing your management tools. Monitor the monitors, and ensure they are locked down. It was SolarWinds this time; that’s not to say it won’t be someone else tomorrow.
Also, I noted the Amazon theft story to reinforce the point about social engineering attacks. Remember that in your security profile.
Source: Bleeping Computer
Source: Geek Wire