On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
Read more about Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IPNIST assigned Spring4Shell a score of 9.8, most likely out of concern of a similar blast radius to Log4Shell, which was trivial to exploit and very common.
Read more about One month in: CyCognito looks at Spring4ShellThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more about Detecting and Validating Spring4Shell Vulnerability: CVE-2022-22965Based on our experience responding to these issues, advice from expert CISOs, and our community of customers here are steps for a simplified response plan you can use today and for future outbreaks.
Read more about Set Up Your Log4J Response PlanThe log4j vulnerability affects code across the world. Learn how to protect your organization with the CyCognito Platform today.
Read more about Apache Log4j | Are you vulnerable?Attack vectors are the path an attacker uses to gain access to your organization’s network. Find out more about the top attack vectors and learn to steer clear of them.
Read more about Top Attack Vectors and How to Prevent ThemNew Vulnerability Patch. Check your IIS servers and make sure that for those newer Windows 10 servers affected that CVE-2021-31166 has been patched.
Read more about Vulnerability Notice: Patch CVE-2021-31166All organizations such as Colonial Pipeline are under threat of ransomware. These attack vectors arise because they lack attack surface visibility.
Read more about Colonial Pipeline Highlights Weaknesses in Global Supply ChainDoes pen testing still make sense in an era of digital transformation where companies are reinventing themselves to be digital-first businesses?
Read more about Research Results: The Challenges With Pen Testing for CybersecurityWith the Accellion breach not all disclosures were public or full or timely. Learn why this is a bigger problem than this one supply chain attack.
Read more about Why On-Going Supply Chain Attacks Set Up an Awful Game of Telephone
