Bionic
Data breaches cost about $4,000,000, on average. It’s clear why dedicated teams focus on resolving application vulnerabilities and ensuring their software is secure. This article explains vulnerability management and compares the popular methods for handling vulnerability sprawl. What is a Software Vulnerability? All categories of computer security issues, software and hardware, are Common Weakness Enumerations […]
There are two high vulnerabilities in OpenSSL versions 3.0.0 – 3.0.6. On November 1, the project released OpenSSL version 3.0.7, which mitigates potential exploitation from CVE-2022-3602, “X.509 Email Address 4-byte Buffer Overflow,” along with CVE-2022-3786, “X.509 Email Address Variable Length Buffer Overflow.” What is OpenSSL? OpenSSL is one of the most widely used encryption libraries […]
Today we’re talking about CVE-2022-42889 aka Text4Shell. We’ll walk you through what it is, what you need to know and do to protect your applications, and dive into how Bionic is helping customers understand their overall risk related to this vulnerability. What is Text4Shell? Text4Shell is a vulnerability within the widely used Apache Commons Text […]
As most everyone knows, the investigation on the recently announced SpringShell RCE (CVE-2022-22965) has begun. The point of this blog is not to discuss SpringShell’s issue, so much as dive into preemptive actions and remote code execution or RCE. There are already plenty of blogs and articles written about the incident, but I’m sharing how […]
As you’re probably knee-deep in reacting to the Spring Framework RCE we wanted to provide some helpful information on how to tackle this issue. For all the details from Spring on this RCE here is a link to the granular details of the issue: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement. Just like the Log4Shell vulnerability, there are a lot of […]
My company, Bionic, announced our platinum sponsorship of the OWASP Organization. Everybody knows that the OWASP Top 10 is the gold standard for application security, so I think this news is impressive. I have been in the application security industry for 17 years, and OWASP has been there with me every step of the way. […]
How are you going to address the Log4J issue? The recent major exploit around Log4J (CVE-2021-44228) is a big deal and all over the press. But how are you planning on finding every instance of Log4J in your very complex application? Missing even one instance of Log4J versions 2.0 to 2.14.1 could be a disaster […]
You have probably heard about the recent Peloton API hack. If you have not heard about the details, this link describes the Peloton API Hack. This incident further cements that IoT and PII are directly in the crosshairs for hackers. Every platform these days requires you to give up personal information in order to create […]
We have all probably heard about the recent news on the Twitch data breach. Yes, it is a huge deal, and the hack has received a ton of press. But I am amazed that the thing people are focusing on most is how much money the top streamers are making on a monthly or yearly […]
Bionic to be acquired by CrowdStrike to provide the industry’s most comprehensive cloud security platform. Together, we are creating the industry-defining cloud security platform, fully integrated from code to runtime.