Spring4Shell Archives - Cyber Security Minute

F5 Distributed Cloud App Infrastructure Protection detects vulnerabilities in real time

Issued by: Help Net Security

F5 launches F5 Distributed Cloud App Infrastructure Protection (AIP), a cloud workload protection solution that expands application observability and protection to cloud-native infrastructures. Powered by technology acquired with Threat Stack, AIP is the newest addition to the F5 Distributed Cloud Services portfolio of cloud-native SaaS-based application security and delivery services. Organizations of all sizes across…

Vulnerabilities

CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

Issued by: Trend Micro Blog

Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. We began seeing malicious activities at the…

Vulnerabilities

Vendors Assessing Impact of Spring4Shell Vulnerability

Issued by: Security Week

The developers of Spring, which is owned by VMware and said to be the world’s most popular Java application development framework, announced patches for three vulnerabilities last week. One of them is tracked as CVE-2022-22965, Spring4Shell and SpringShell, and it has been described as a critical remote code execution vulnerability in Spring Framework that can…