Our HoneyPoints are still seeing an increase in the overall numbers of attacking systems exploiting the newest **CENSORED** vulnerability. The traffic has a destination port of TCP/4899.
Most sites should be filtering this port by now, but it seems some smaller organizations have not yet gotten the word about the problem.
Eastern Europe seems to be the home of more than a few systems scanning for this issue.
If you have not yet begun blocking this port, and are a **CENSORED** user who has not upgraded to date, then now would likely be a good time to implement blocks and inspect your exposed systems.
PS – I HAVE UPDATED THIS POSTING AS A RESULT OF A LETTER FROM THE VENDOR INVOLVED WHO REQUESTS THAT WE STOP USING THE TRADEMARKED NAME OF THEIR PRODUCT.