Two vulnerabilities affecting different Spring projects were identified this week. Here’s what you need to know about Spring4Shell and CVE-2022-22963. The Internet is buzzing with talk about two separate vulnerabilities related to different Spring projects. The two are not related, but have been confused because both vulnerabilities were disclosed at nearly the same time.

Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The vulnerability CVE-2022-22963 would permit attackers to execute arbitrary code on the machine and compromise the entire host.

This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. In the last few years, we have all observed an increase in the sophistication of cyber-enabled attacks and financial crimes. This coincided with intensified focus on digital banking by financial institutions and increased volumes of online transactions.

Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.

You can’t open a newspaper today without reading about another cyberattack or data breach—with web applications accounting for a fair share of the reporting. Web application vulnerabilities, poor infrastructure configurations, and inadequate security controls make these web-based targets a prime focus for attackers. That’s why organizations need to make sure they’ve implemented front-end or “client-side security” as well as server-side or back-end security.

Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.

We’re happy to announce the latest version of PAM360 now supports self-service privilege elevation with application whitelisting capabilities. Before exploring the feature in-depth, let’s start with the fundamentals.

Detectify’s Surface Monitoring is the easiest way to monitor and manage your attack surface on the market. This product continuously monitors the configuration and attack surface of your domains and subdomains. It came from the realization that Application Scanning, our other product, is very detailed. Application scanning tries to find every nook and cranny of your application through crawling and fuzzing which is exactly what companies need for custom-built applications.

As a consumer, I’m a bit spoiled. When I pick up my phone to check my messages in the morning, I scan my fingerprint to get instant access to everything I’ve added to my homescreen. It’s my very own personalized magic portal to all my stuff.