is everything fixed now about 4 months after the vulnerability was disclosed (and discussed here December 13,2021) So on this day in March (the 4th) Threatpost has a story from a few days ago: Millions of Java Apps Remain Vulnerable to Log4Shell (a Log4J vulnerability) The main sentences in the story are the following: “Researchers … Read more
First of All, PCI 4.0 will not remove the previous version (3.2.1) it will enhance the PCI standard (this information is from the “At a Glance” document at www.pcisecuritystandards.org) What is New in PCI DSS v4.0?There were many changes incorporated into the latest version of the Standard. Below are examples of someof those changes. For … Read more
why is the defense always behind? Are there some things that we inherently do not like to do?If there is something that is denying us from doing what is necessary to create a good defense then we have to be mindful of these actions – let’s review some Catch22 items. Let’s face it … Read more
So I got this text the other day: Text from unknown number(spoofed anyway no need to put from number it is false – also I modified the link so others will not be able to go to it: WALMART is starting an exceptionally huge research project in your area. This project happens each week, so … Read more
Rapid7 has found a spring framework vulnerability called Spring4Shell As usual a new vulnerability requires risk management to be reassessed. https://nvd.nist.gov/vuln/detail/CVE-2022-22965 Leads to https://tanzu.vmware.com/security/cve-2022-22965 Which says the following information which is important. CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ Affected VMware Products and Versions Severity is critical unless otherwise noted. … Read more