Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A vulnerability scan is an automated process that identifies vulnerabilities (security holes) in any software, operating system, or network that bad actors can exploit. In essence, it’s an integral component of vulnerability management focused on protecting businesses from breaches and the exposure of sensitive data.

In the past, the attack surface was defined and protected by the boundaries of the organization’s physical network (aka the LAN). Using physical security methods, firewalls, and careful monitoring, organizations kept their data, endpoints, and networks secure. The entire attack surface was internal, within a well-defined and fortified perimeter.

Microsoft continues urging its customers to understand two core security vulnerabilities in the domain controllers of Active Directory. These vulnerabilities had been addressed by the company in November 2021. It was followed by a PoC or Proof of Concept tool on 12th December. The two vulnerabilities have been tracked as CVE-2021-42278 sAM (sAMAccountName spoofing ) and CVE-2021-42287 KDC.

Last week, we announced the discovery of Spring4Shell — a remote code execution (RCE) vulnerability in older versions of the spring-beans package. In our blog post Spring4Shell: The zero-day RCE in the Spring Framework explained, we showed how an old Tomcat exploit for CVE-2010-1622 became relevant again. Due to the nature of the problem, we expected that additional payloads could be created beyond this known Tomcat exploit.

On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass. In addition to the critical severity vulnerabilities, VMware disclosed several high and medium severity vulnerabilities, which could lead to Cross Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure.

Several vulnerabilities for Java Spring framework have been disclosed in the last hours and classified as similar as the vulnerability that caused the Log4Shell incident at the end of 2021. However, as of the publishing of this report, the still ongoing disclosures and events on these vulnerabilities suggest they are not as severe as their predecessor.

At the end of March 2022, two critical vulnerabilities (CVE-2022-22963 and CVE-2022-22965) were discovered in different components of VMware Spring. Spring is a popular framework focused on facilitating the development of Java applications, including cloud-based apps, eliminating the need for additional code or concerns related to server requirements.

Application Programming Interface (API) attacks are set to become one of the most prevalent cyberattacks with a broad target range. By nature, APIs expose application logic and sensitive data such as personally identifiable information (PII), causing APIs to become a target for attackers. In 2019, Gartner predicted that API hacks would become the most common form of cyberattacks in 2022. So how can teams stay ahead of API attacks?