Another Vulnerability in a Cloud Framework

Rapid7 has found a Spring Framework vulnerability called Spring4Shell. As usual, a new vulnerability requires risk management to be reassessed. https://nvd.nist.gov/vuln/detail/CVE-2022-22965 leads to https://tanzu.vmware.com/security/cve-2022-22965, which gives the following important information. CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+. Affected VMware Products and Versions: Severity is critical unless otherwise noted. …

Linux Kernel Vulnerability + Dirty Pipe

What does it mean when a Linux kernel has a vulnerability? The Linux kernel is the software which runs the system – the main operating system software. It is inside all other software – it does connect to applications with shell (usually Bourne (Image from Linoxide.) Updated the image to include possible Android issues …

Vulnerability Management – Just Do It!

Abilities: Identify security issues based on analysis of vulnerabilities – apply cybersecurity and privacy principles to organizational requirements. Knowledge: Application vulnerabilities, data backup and recovery, host/network access control mechanisms, system administration, network, and operating system hardening techniques. Skills: Detecting host and network intrusions. Conduct vulnerability scans and recognize vulnerabilities in security systems. Tasks: Keep up …

APC UPS (Power Supplies) 3 Critical Vulnerabilities

Do you have an APC UPS (Uninterruptible Power Supply)? (Image above from Armis Research.) I do not know which devices actually have these vulnerabilities; assuming Armis research is correct, then it may be all devices that connect to the cloud. Armis Research found some vulnerabilities: Armis has discovered a set of three critical vulnerabilities in APC …