18
Nov
As a general rule, whenever security patches are released for any vulnerability, the patch should be tested and implemented as soon as possible. With vulnerabilities such as Log4Shell, which presented a high risk due to the extensive use of on-prem and hybrid Exchange servers and the extensive exploitation in the wild, it is extremely important to get these patches pushed to all affected systems. Often times, threat actors will prey on victims by using old vulnerabilities that companies or organizations have failed to patch, which enables them to scale operations and target security misconfigurations.
https://www.darkreading.com/attacks-breaches/iranian-apt-actors-breached-a-us-government-network
