Vulnerability

Java Spring vulnerabilities

Apr 7, 2022 By Fernando Martinez In AT&T Cybersecurity

Several vulnerabilities for Java Spring framework have been disclosed in the last hours and classified as similar as the vulnerability that caused the Log4Shell incident at the end of 2021. However, as of the publishing of this report, the still ongoing disclosures and events on these vulnerabilities suggest they are not as severe as their predecessor.

Read Post

AT&T Cybersecurity

Read more about Java Spring vulnerabilities

This Week in VulnDB - Spring4shell update & more

Apr 7, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - Spring4shell update & more

Testing OWASP's Top 10 API Security Vulnerabilities (Part 1)

Apr 6, 2022 By Saoirse Hinksmon In Veracode

Application Programming Interface (API) attacks are set to become one of the most prevalent cyberattacks with a broad target range. By nature, APIs expose application logic and sensitive data such as personally identifiable information (PII), causing APIs to become a target for attackers. In 2019, Gartner predicted that API hacks would become the most common form of cyberattacks in 2022. So how can teams stay ahead of API attacks?

Read Post

Veracode

Read more about Testing OWASP's Top 10 API Security Vulnerabilities (Part 1)

Two RCE Vulnerabilities Found in Spring Framework

Apr 6, 2022 By Gustavo Palazolo In Netskope

At the end of March 2022, two critical vulnerabilities (CVE-2022-22963 and CVE-2022-22965) were discovered in different components of VMware Spring. Spring is a popular framework focused on facilitating the development of Java applications, including cloud-based apps, eliminating the need for additional code or concerns related to server requirements.

Read Post

Netskope

Read more about Two RCE Vulnerabilities Found in Spring Framework

Understanding the Spring4Shell Vulnerability

Apr 5, 2022 By Arctic Wolf In Arctic Wolf

Learn what the Spring4Shell vulnerability is, why Arctic Wolf has developed the Open Source Spring4Shell Deep Scan, and how to use the Spring4Shell Deep Scan tool to mitigate the impact of the vulnerability.

View Video

Arctic Wolf

Read more about Understanding the Spring4Shell Vulnerability

Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Apr 5, 2022 By Ori Bach EVP of Product In Mend

With more than 38 percent of our customers impacted by the recently discovered Spring4 Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all their vulnerable libraries, I have been involved in many conversations over this incident.

Read Post

Mend

Read more about Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Exploring 3 types of directory traversal vulnerabilities in C/C++

Apr 4, 2022 By Kirill Efimov In Snyk

Directory traversal vulnerabilities (also known as path traversal vulnerabilities) allow bad actors to gain access to folders that they shouldn’t have access to. In this post, we are going to take a look how directory traversal vulnerabilities work on web servers written on C/C++, as well as how to prevent them.

Read Post

Snyk

Read more about Exploring 3 types of directory traversal vulnerabilities in C/C++

GitLab Password Security Vulnerability - CVE-2022-1162

Apr 3, 2022 By Sule Tatar In Arctic Wolf

On Thursday, March 31, 2022, GitLab released an advisory for a critical password security vulnerability in GitLab Community and Enterprise products tracked as CVE-2022-1162. GitLab is DevOps software that combines the ability to develop, secure, and operate software in a single application. The exploitation of CVE-2022-1162 can allow a threat actor to guess a hard-coded password for any GitLab account with relative ease.

Read Post