Week in review: Spring4Shell vulnerability, attackers exploiting patched RCE in Sophos Firewall

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online.

Beware of old and new tax-themed scams and schemes
April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on.

Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia region,” Sophos has warned.

IcedID trojan delivered via hijacked email threads, compromised MS Exchange servers
A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IcedID (BokBot) trojan without triggering email security solutions.

How to recruit cybersecurity talent from atypical backgrounds
In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity industry should try to recruit hobbyists and DIYers – as well as individuals from many atypical backgrounds – to help fill the growing cybersecurity workforce gap.

Mars Stealer malware pushed via Google Ads and phishing emails
Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it.

JavaScript security: The importance of prioritizing the client side
In this interview with Help Net Security, Vitaly Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process.

Not enough businesses have a formal ransomware plan in place
Research from Thales has found that malware, ransomware and phishing continue to plague global organizations.

Why low-code and identity must co-exist
Software development has emerged as a critical task for organizations looking to compete in the digital economy. It increasingly fuels innovation and even disruption.

Subdomain takeover attacks on the rise and harder to monitor
Research from Detectify found that subdomain takeovers are on the rise but are also getting harder to monitor as domains now seem to have more vulnerabilities in them.

Is next-gen threat modeling even about threats?
The threat landscape evolves with technology, and as threats grow in sophistication, there are concerns about major events like the Colonial Pipeline ransomware attack or the Equifax breach repeating themselves elsewhere.

The security gaps that can be exposed by cybersecurity asset management
Cybersecurity asset management does not come with the excitement following the metaverse, blockchain, or smokescreen detection technologies, but it is essential for the protection of corporate infrastructure.

Cybercriminals launched 9.75 million DDoS attacks in 2021
During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals.

Web3 and the future of data portability: Rethinking user experiences and incentives on the internet
Tech conversations are now peppered with a new, contentious buzzword: Web3, and we’re all likely to hear a lot more of it in the coming years.

2021 COVID bounce: Malware has returned with a vengeance
At a particularly perilous moment for privacy and security, Malwarebytes’ research uncovered a COVID bounce, a massive 2021 resurgence of cyberthreats across multiple categories following pandemic-induced declines in 2020.

Where should companies start when it comes to device security?
The Internet of Things (IoT) market has a security problem that is boiling over into a business issue. According to a recent survey conducted by the Ponemon Institute, 59% of embedded product security decision-makers say they’ve lost revenue due to product security concerns.

The Israeli cybersecurity funding landscape in the past year
In this video for Help Net Security, Yonit Wiseman, Associate at YL Ventures, talks about the Israeli cybersecurity funding landscape in the past year.

We need an industry-backed, tech-neutral resource to restore trust in voice communications
With illegal robocalls now representing nearly half of all unwanted calls in the U.S., consumers are opting to simply not pick up their phones.

Posts on name-and-shame dark web leak sites climbed 85% in 2021
Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to dark web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to research released by Palo Alto Networks' Unit 42.

Cybercriminals focusing on crypto donations to Ukraine to trick victims
As the war in Ukraine unfolded, one way of helping was to donate cryptocurrency which resulted in over $50 million in crypto donations. Cybercriminals were quick to move and take advantage of this lucrative situation and inattentive victims.

Cloud-native adoption shifts security responsibility across teams
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys.

Extended Threat Intelligence: A new approach to old school threat intelligence
The world is shaken by different new crises and cyber events every day. All sectors are affected by the events, either in terms of production, transportation, or security.

Product showcase: Specops uReset SSPR solution
According to Forrester, a single password reset can cost an organization $70. As eye-popping as that figure may be, it pales in comparison to organization-wide password reset costs.

Product showcase: Secure online authentication “Made in Germany” by Swissbit
Today it is more critical than ever before for businesses to equip themselves with basic data and cybersecurity processes in order to avoid costly mistakes.

New infosec products of the week: April 1, 2022
Here’s a look at the most interesting products from the past week, featuring releases from CRITICALSTART, MetricStream, Nebulon, Rapid7, SEON, and Veriff.
