Categories
Vulnerabilities

OpenSSL: What You Need To Know

There are two high vulnerabilities in OpenSSL versions 3.0.0 – 3.0.6. On November 1, the project released OpenSSL version 3.0.7, which mitigates potential exploitation from CVE-2022-3602, “X.509 Email Address 4-byte Buffer Overflow,” along with CVE-2022-3786, “X.509 Email Address Variable Length Buffer Overflow.”  What is OpenSSL? OpenSSL is one of the most widely used encryption libraries […]

Categories
Vulnerabilities

How to Find Text4Shell [CVE-2022-42889] with Bionic

Today we’re talking about CVE-2022-42889 aka Text4Shell. We’ll walk you through what it is, what you need to know and do to protect your applications, and dive into how Bionic is helping customers understand their overall risk related to this vulnerability. What is Text4Shell? Text4Shell is a vulnerability within the widely used Apache Commons Text […]

Categories
Vulnerabilities

SpringShell: What Should I Do Next?

As most everyone knows, the investigation on the recently announced SpringShell RCE (CVE-2022-22965) has begun. The point of this blog is not to discuss SpringShell’s issue, so much as dive into preemptive actions and remote code execution or RCE. There are already plenty of blogs and articles written about the incident, but I’m sharing how […]

Categories
Vulnerabilities

Managing the Spring Framework RCE

As you’re probably knee-deep in reacting to the Spring Framework RCE we wanted to provide some helpful information on how to tackle this issue. For all the details from Spring on this RCE here is a link to the granular details of the issue: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement. Just like the Log4Shell vulnerability, there are a lot of […]

Categories
Vulnerabilities

OWASP Top 10: Beginning but Not the End

My company, Bionic, announced our platinum sponsorship of the OWASP Organization. Everybody knows that the OWASP Top 10 is the gold standard for application security, so I think this news is impressive. I have been in the application security industry for 17 years, and OWASP has been there with me every step of the way. […]

Categories
Vulnerabilities

Address the Zero Day Log4J Vulnerability

How are you going to address the Log4J issue? The recent major exploit around Log4J (CVE-2021-44228) is a big deal and all over the press.  But how are you planning on finding every instance of Log4J in your very complex application? Missing even one instance of Log4J versions 2.0 to 2.14.1 could be a disaster […]

Categories
Vulnerabilities

Peloton Hack: Importance of Exercising Proper API Security

You have probably heard about the recent Peloton API hack.  If you have not heard about the details, this link describes the Peloton API Hack. This incident further cements that IoT and PII are directly in the crosshairs for hackers.  Every platform these days requires you to give up personal information in order to create […]

Categories
Vulnerabilities

Twitch Data Loss Shows the Time for Data Governance is NOW

We have all probably heard about the recent news on the Twitch data breach.  Yes, it is a huge deal, and the hack has received a ton of press.   But I am amazed that the thing people are focusing on most is how much money the top streamers are making on a monthly or yearly […]