Vulnerability

Important Updates on Spring4Shell Vulnerability

Mar 30, 2022 By Arctic Wolf Threat Research In Arctic Wolf

In December 2021, the cybersecurity industry was made aware of CVE-2021-44228, known as Log4Shell, a novel vulnerability in a commonly found software component called Java Log4j. Arctic Wolf extensively covered the Log4Shell vulnerability and gave updates as it got involved.

Read Post

Arctic Wolf

Read more about Important Updates on Spring4Shell Vulnerability

CyRC Vulnerability Analysis: Two distinct Spring vulnerabilities discovered - Spring4Shell and CVE-2022-22963

Mar 30, 2022 By Jonathan Knudsen In Synopsys

Two vulnerabilities affecting different Spring projects were identified this week. Here’s what you need to know about Spring4Shell and CVE-2022-22963. The Internet is buzzing with talk about two separate vulnerabilities related to different Spring projects. The two are not related, but have been confused because both vulnerabilities were disclosed at nearly the same time.

Read Post

Synopsys

Read more about CyRC Vulnerability Analysis: Two distinct Spring vulnerabilities discovered - Spring4Shell and CVE-2022-22963

Detecting and Mitigating CVE-2022-22963: Spring4Shell RCE Vulnerability

Mar 30, 2022 By Stefano Chierici In Sysdig

Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The vulnerability CVE-2022-22963 would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Read Post

Sysdig

Read more about Detecting and Mitigating CVE-2022-22963: Spring4Shell RCE Vulnerability

Is there such a thing as Spring4Shell?

Mar 30, 2022 By Micah Silverman In Snyk

Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.

Read Post

Snyk

Read more about Is there such a thing as Spring4Shell?

CVE-2022-23648 - Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

Mar 29, 2022 By Leonid Sandler In ARMO

Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.

Read Post

ARMO

Read more about CVE-2022-23648 - Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

Firewall Inferno - Sophos & SonicWall Vulnerabilities

Mar 29, 2022 By Sule Tatar In Arctic Wolf

CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall vulnerability (CVE-2022-1040) and the SonicWall Firewall vulnerability (CVE-2022-22247).

Read Post

Arctic Wolf

Read more about Firewall Inferno - Sophos & SonicWall Vulnerabilities

Splunk Indexer Vulnerability: What You Need to Know

Mar 29, 2022 By Chris Cooney In Coralogix

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

Read Post

Coralogix

Read more about Splunk Indexer Vulnerability: What You Need to Know

Vulns Unleashed: dompdf

Mar 28, 2022 By Snyk In Snyk

Join Kyle and Brian with guest DeveloperSteve as we learn about the dompdf vulnerability! We’ll dive into the latest CVEs, examine the vulnerable code, execute working exploits, and understand how to apply important fixes. By the end of the show, you’ll know how to find, exploit, and remediate these vulnerabilities in your own projects with ease.

View Video

Snyk

Read more about Vulns Unleashed: dompdf

Outpost24 webinar - The State of Ransomware in 2021 and How to Limit Your Exposure

Mar 24, 2022 By Outpost 24 In Outpost 24

Ransomware has continued to grow in maturity throughout the first half of 2021. As businesses struggle to understand yet another major attack that hit the Kaseya supply chain, organizations are beginning to realize data backups and cyber insurance alone won’t save them.

View Video

Outpost 24

Read more about Outpost24 webinar - The State of Ransomware in 2021 and How to Limit Your Exposure

An overview of our vulnerability assessment and pentesting process | Cyphere

Mar 23, 2022 By Cyphere In Cyphere

This video will give you a broad overview of our vulnerability assessment and pentesting process. We'll talk about the different phases, how we prioritize vulnerabilities, and what workflows we use to make sure that your team is getting the most out of every engagement.#vapt #vulnerabilityassessment #pentesting

View Video