The Record
Microsoft: Zerobot adds new exploits, DDoS attack capabilities
The newly discovered Zerobot botnet continues to evolve, increasingly targeting connected Internet of Things devices.
SecurityWeek
Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities
The Zerobot malware that ensnares IoT devices in a DDoS-capable botnet has been updated with more exploits.
Bleeping Computer
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices
A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.
SecurityWeek
Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities
A newly observed Go-based IoT botnet capable of self-replicating and self-propagation has been observed targeting multiple vulnerabilities for initial access.
Trend Micro
Attack Surface Management 2022 Midyear Review Part 2
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year.
The Hacker News
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
Researchers have uncovered two separate malicious cryptocurrency mining campaigns; one exploiting Oracle WebLogic servers and Docker APIs.
Trend Micro
How Malicious Actors Abuse Native Linux Tools in Their Attacks
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.
SecurityWeek
IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products
IBM has released patches for multiple high-severity vulnerabilities in Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector system.
Security Affairs
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor. The attackers exploited the flaw in an attack […]
The Hacker News
Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage
Hackers "likely" exploited a vulnerability in Atlassian Confluence server to deploy a never-before-seen backdoor for cyberespionage purposes.
Trend Micro
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.
ThreatPost
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
SecurityWeek
SAP Patches Spring4Shell Vulnerability in More Products
As part of its May 2022 Security Patch Day, SAP has released eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products.
CSO
TLS implementation flaws open Aruba and Avaya network switches to RCE attacks
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
ZDNet
How XDR provides protection against advanced exploits | ZDNet
A new batch of cyberthreats requires shifting away from the best-of-breed, point-product approach to security.
CyberSecurity Dive
Familiar names top 2021's most-exploited vulnerabilities list
Top ransomware operators, including Hive and Conti, are exploiting flawed systems to launch new attacks, researchers warn.
DarkReading
API Attacks Soar Amid the Growing Application Surface Area
With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.
The Hacker News
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
Cybersecurity researchers warn of LemonDuck cryptocurrency mining botnet targeting Docker and TeamTNT hacker group attacking Kubernetes and clouds.
SecurityWeek
Oracle Releases 520 New Security Patches With April 2022 CPU
Oracle on Tuesday announced the release of 520 security fixes as part of its April 2022 Critical Patch Update (CPU), including nearly 300 for vulnerabilities that can be exploited remotely without authentication.
Trend Micro
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
ZDNet
Spring4Shell flaw is now being used to spread this botnet malware | ZDNet
Hackers have started to use the Spring4Shell flaw to install Mirai malware on vulnerable systems.
Security Affairs
Security Affairs newsletter Round 360 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. A DDoS attack took down Finnish govt sites as Ukraine’s President addresses MPs SharkBot […]
Security Affairs
A Mirai-based botnet is exploiting the Spring4Shell vulnerability
Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […]
The Hacker News
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
Hackers are exploiting recently disclosed critical Spring4Shell vulnerability to execute the Mirai botnet malware.
Ars Technica
Trend says hackers have weaponized SpringShell to install Mirai malware
Researchers have been in search of vulnerable real-world apps. The wait continues.
Bleeping Computer
Mirai malware now delivered using Spring4Shell exploits
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.
SecurityWeek
Spring4Shell Vulnerability Exploited by Mirai Botnet
Trend Micro has confirmed earlier reports that the new Spring4Shell vulnerability has been exploited by the Mirai botnet.
Trend Micro
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.
ZDNet
VMware warns of critical remote code execution bug in Workspace ONE Access | ZDNet
Other severe vulnerabilities have been resolved.
ZDNet
Java Spring4Shell flaw exploit attempts: These are the industries most affected | ZDNet
Attempts to exploit the Spring4Shell flaw are ongoing according to a security company.
Bleeping Computer
VMware warns of critical vulnerabilities in multiple products
VMware has warned customers to immediately patch critical vulnerabilities in multiple products that could be used by threat actors to launch remote code execution attacks.
Infosecurity News
Almost a Fifth of Global Firms Targeted with Spring4Shell
New vulnerability exploited most widely in Europe
CSO
Spring4Shell patching is going slow but risk not comparable to Log4Shell
More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.
The Record
CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog
The Cybersecurity and Infrastructure Security Agency (CISA) added four new vulnerabilities to its catalog of exploited bugs, including the much-discussed “Spring4Shell” remote code execution (RCE) vulnerability.
Bleeping Computer
SpringShell attacks target about one in six vulnerable orgs
Roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cybersecurity company.
Bleeping Computer
Microsoft detects Spring4Shell attacks across its cloud services
Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.
SecurityWeek
Defenders Provided Tools and Information for Dealing With Spring4Shell
As more information comes to light, defenders have been provided tools and information to help them deal with the Spring4Shell vulnerability.
Security Affairs
CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog
The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell, CVSS score: 9.8) flaw in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) […]
ZDNet
Spring4Shell flaw: Here's why it matters, and what you should do about it | ZDNet
Microsoft urges customers to fix patch the Spring4Shell Java bug.
The Hacker News
CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability
CISA Warns of Active Exploitation of Recently Disclosed Critical Spring4Shell Vulnerability
DarkReading
Millions of Installations Potentially Vulnerable to Spring Framework Flaw
Internet scan indicates hundreds of thousands of vulnerable installations, while data from the major Java repository suggests millions, firms say.
Security Affairs
VMware released updates to fix the Spring4Shell vulnerability in multiple products
VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965). According to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products. The Spring4Shell issue was disclosed last week, […]
Bleeping Computer
VMware patches Spring4Shell RCE flaw in multiple products
VMWare has published a security advisory for the critical remote code execution vulnerability known as Spring4Shell, which impacts multiple of its cloud computing and virtualization products.
SecurityWeek
Vendors Assessing Impact of Spring4Shell Vulnerability
Companies have started assessing the impact of the Spring vulnerability dubbed Spring4Shell on their products.
Security Affairs
Security Affairs newsletter Round 359 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church UK […]
Ars Technica
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
CyberScoop
'Spring4Shell' bug in framework for Java programming draws widespread warnings
Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.
SecurityWeek
Spring4Shell Exploitation Attempts Confirmed as Patches Are Released
The Spring zero-day vulnerability tracked as Spring4Shell and CVE-2022-22965 has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts.
Naked Security
Two different “VMware Spring” bugs at large – we cut through the confusion
Whoever came up with the name “Spring4Shell” didn’t help at all… we cut through the Spring Bug confusion
The Record
Spring confirms ‘Spring4Shell’ zero-day, releases patched update
Earlier this week, experts released details on a remote code execution (RCE) vulnerability affecting the Spring Framework. On Thursday it was tagged as CVE-2022-22965 and given a critical score of 9.8.
Bleeping Computer
Spring patches leaked Spring4Shell zero-day RCE vulnerability
Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released.
CSO
Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk
Users are urged to update both the Spring Framework and Spring Boot tool.
SecurityWeek
Spring4Shell: Spring Flaws Lead to Confusion, Concerns of New Log4Shell-Like Threat
The disclosure of several vulnerabilities affecting the Spring Java framework, including one dubbed Spring4Shell, has led to confusion and concerns of a new Log4Shell-like threat.
Security Affairs
Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring
An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called ‘Spring4Shell.’ An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io […]
The Hacker News
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
A Chinese security researcher publicly disclosed PoC for the UNPATCHED zero-day remote code execution (RCE) vulnerability in the Java Spring framework
DarkReading
Zero-Day Vulnerability Discovered in Java Spring Framework
A proof-of-concept exploit allows remote compromises of Spring Web applications.
Bleeping Computer
New Spring Java framework zero-day allows remote code execution
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.
ThreatPost
Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.