CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
custom applications
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
Idaho inmates hacked prison system to add money to their accounts
364 inmates at five correctional facilities in Idaho have managed to add nearly a quarter million dollars worth of credit to their JPay accounts by exploiting a vulnerability …
Google introduces new protections to prevent app-based account compromise
Google has implemented new protections that should considerably reduce the risk of potentially malicious apps gaining control of users’ Google account. There can be no …
Companies struggle to deploy security for custom applications
As more and more companies migrate their application workloads from their datacenters to infrastructure-as-a-service (IaaS) platforms such as the Amazon Web Services (AWS) …