AZ-500 Exam Review.pdf

The Microsoft scanner can use up a lot of a server’s processing capacity, so CISA recommends running the scan during off-peak hours.

"By 12:00 pm Eastern Daylight Time on Monday, April 5, 2021, download and run the current version of Microsoft Safety Scanner (MSERT) in Full Scan mode and report results to CISA using the provided reporting template," it notes.

https://www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/

The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x. CVE-2021-22986 (CVSS score: 9.8) is notable for the fact that it’s an unauthenticated, remote command execution vulnerability affecting the iControl REST interface, allowing an attacker to execute arbitrary system commands, create or delete files, and disable services without the need for any authentication.

https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

CISA says CHIRP currently looks for:

• The presence of malware identified by security researchers as TEARDROP and RAINDROP;
• Credential dumping certificate pulls;
• Certain persistence mechanisms identified as associated with this campaign;
• System, network, and M365 enumeration; and
• Known observable indicators of lateral movement.

CHIRP is available on GitHub as a compiled executable or as a Python script.

FireEye in January also released a free tool on GitHub called Azure AD Investigator.

Burnt by SolarWinds attack? US releases tool for post-compromise detection | ZDNet