Categories
Vulnerabilities

SpringShell: What Should I Do Next?

As most everyone knows, the investigation into the recently announced SpringShell RCE (CVE-2022-22965) has begun. The point of this blog is not so much to discuss the SpringShell issue as to dive into preemptive actions and remote code execution (RCE). There are already plenty of blogs and articles written about the incident, but I’m sharing how […]

Managing the Spring Framework RCE

As you’re probably knee-deep in reacting to the Spring Framework RCE, we wanted to provide some helpful information on how to tackle this issue. For all the details from Spring on this RCE, see the early announcement: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement. Just like the Log4Shell vulnerability, there are a lot of […]

OWASP Top 10: Beginning but Not the End

My company, Bionic, announced our platinum sponsorship of the OWASP Organization. Everybody knows that the OWASP Top 10 is the gold standard for application security, so I think this news is impressive. I have been in the application security industry for 17 years, and OWASP has been there with me every step of the way. […]

Address the Zero Day Log4J Vulnerability

How are you going to address the Log4J issue? The recent major exploit around Log4J (CVE-2021-44228) is a big deal and all over the press. But how are you planning on finding every instance of Log4J in your very complex application? Missing even one instance of Log4J versions 2.0 to 2.14.1 could be a disaster […]

Peloton Hack: Importance of Exercising Proper API Security

You have probably heard about the recent Peloton API hack. If you have not heard about the details, this link describes the Peloton API Hack. This incident further cements that IoT and PII are directly in the crosshairs for hackers. Every platform these days requires you to give up personal information in order to create […]

Twitch Data Loss Shows the Time for Data Governance is NOW

We have all probably heard about the recent news on the Twitch data breach. Yes, it is a huge deal, and the hack has received a ton of press. But I am amazed that the thing people are focusing on most is how much money the top streamers are making on a monthly or yearly […]