NIST assigned Spring4Shell a score of 9.8, most likely out of concern that its blast radius would be similar to that of Log4Shell, which was trivial to exploit and very common.
Read more about One month in: CyCognito looks at Spring4Shell
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more about Detecting and Validating Spring4Shell Vulnerability: CVE-2022-22965
Based on our experience responding to these issues, advice from expert CISOs, and our community of customers, here are steps for a simplified response plan you can use today and for future outbreaks.
Read more about Set Up Your Log4J Response Plan
The log4j vulnerability affects code across the world. Learn how to protect your organization with the CyCognito Platform today.
Read more about Apache Log4j | Are you vulnerable?
Attack vectors are the paths an attacker uses to gain access to your organization’s network. Find out more about the top attack vectors and learn to steer clear of them.
Read more about Top Attack Vectors and How to Prevent Them
New Vulnerability Patch. Check your IIS servers and make sure that CVE-2021-31166 has been patched on the affected newer Windows 10 servers.
Read more about Vulnerability Notice: Patch CVE-2021-31166
All organizations, such as Colonial Pipeline, are under threat of ransomware. These attack vectors arise because they lack attack surface visibility.
Read more about Colonial Pipeline Highlights Weaknesses in Global Supply Chain
Does pen testing still make sense in an era of digital transformation where companies are reinventing themselves to be digital-first businesses?
Read more about Research Results: The Challenges With Pen Testing for Cybersecurity
With the Accellion breach, not all disclosures were public, full, or timely. Learn why this is a bigger problem than this one supply chain attack.
Read more about Why On-Going Supply Chain Attacks Set Up an Awful Game of Telephone
Microsoft Exchange Vulnerabilities – a perfect example of why using old technology impacts your security posture today.
Read more about Lessons Learned from Microsoft Exchange Zero-Days