When I look at IT security I can clearly see how it has changed, being today much more mature now than it’s ever been. Governments are working on policies and legislation forcing companies to prioritize IT security. As a result, the entire bug bounty community has bloomed in a way that I could never imagine, security researchers are now working together with companies to identify and mitigate vulnerabilities in a way that we have never done before.

April Patch Tuesday brings 145 vulnerability fixes from Microsoft — the highest number in 19 months—including CVE-2022-26809, a critical remote code execution (RCE) vulnerability in Windows Remote Procedure Call (RPC) Runtime library that impacts all supported Windows products. Notably, Microsoft also released security updates for Windows 7, an end-of-life product since January 2020, which highlights the severity of CVE-2022-26809.

On Monday, April 11, 2022, NGINX published a security blog post detailing three vulnerabilities in the NGINX LDAP reference implementation. NGINX is web server software that also performs reverse proxy, load balancing, email proxy, and HTTP cache services. No CVE has been assigned to these vulnerabilities at this time. The reference implementation uses Lightweight Directory Access Protocol (LDAP) to authenticate users of NGINX proxied applications.

Over the past week, the WhiteSource security team has found several instances of packages that use unusual techniques to disguise malicious intent. These techniques differ from what we have usually seen in the past, such as base64 and JS obfuscation. This time, we are seeing a malicious actor use hex encoding to hide the malicious behavior of the package.

As a cybersecurity organization, Netskope has a responsibility to be transparent about security issues reported in Netskope products and services which might have an impact on Netskope customers or partners. To fulfill this responsibility, Netskope has a smooth, transparent, and industry-standard process under our Product Security Incident Response Team (PSIRT) to disclose the security issues publicly which are reported in Netskope products from various sources.

A vulnerability scan is an automated process that identifies vulnerabilities (security holes) in any software, operating system, or network that bad actors can exploit. In essence, it’s an integral component of vulnerability management focused on protecting businesses from breaches and the exposure of sensitive data.

In the past, the attack surface was defined and protected by the boundaries of the organization’s physical network (aka the LAN). Using physical security methods, firewalls, and careful monitoring, organizations kept their data, endpoints, and networks secure. The entire attack surface was internal, within a well-defined and fortified perimeter.

Microsoft continues urging its customers to understand two core security vulnerabilities in the domain controllers of Active Directory. These vulnerabilities had been addressed by the company in November 2021. It was followed by a PoC or Proof of Concept tool on 12th December. The two vulnerabilities have been tracked as CVE-2021-42278 sAM (sAMAccountName spoofing ) and CVE-2021-42287 KDC.

CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus.

Last week, we announced the discovery of Spring4Shell — a remote code execution (RCE) vulnerability in older versions of the spring-beans package. In our blog post Spring4Shell: The zero-day RCE in the Spring Framework explained, we showed how an old Tomcat exploit for CVE-2010-1622 became relevant again. Due to the nature of the problem, we expected that additional payloads could be created beyond this known Tomcat exploit.