🧵 #Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Includes technical deep dive, impact analysis, and actionable mitigation strategies. bit.ly/4olMqq6

🧵 #Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Includes technical deep dive, impact analysis, and actionable mitigation strategies. bit.ly/4m0d7z5

🧵 #Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Includes technical deep dive, impact analysis, and actionable mitigation strategies. bit.ly/4m4S0eY

Detected & mitigated an active Spring4Shell (CVE-2022-22965) exploitation on a network. Attackers attempted RCE via malicious HTTP POST requests. Mitigation in place, monitoring ongoing. Thanks to Telstra's simulation on Forage for the insights! 🔒 #CyberSecurity #Spring4Shell

keyboard_arrow_left Previous keyboard_arrow_right Next

🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/3Cr020l #Spring4Shell #InfoSec

🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/412naeQ #Spring4Shell #InfoSec

🧵 New Blog: Spring4Shell Vulnerability Explained Learn how a Java 9 architectural change led to a critical RCE vulnerability affecting millions of Spring applications. Must-read for #Java devs & #AppSec teams bit.ly/3Q1B5vx #Spring4Shell #InfoSec

The persistent threat -- why major vulnerabilities like #Log4Shell and #Spring4Shell remain significant and super dangerous, by @BrianVerm @snyksec, #Java and beyond: foojay.io/today/the-pers… #foojaytip

💥 Stay safe out there, coders! And remember, just because it’s called "Spring" doesn’t mean it’s all sunshine and rainbows! 🌈☀️ #Spring4Shell #CVE202222965 #DevSecurity #StayUpdated

🚨 Breaking News for Devs and Security Pros! 🚨 Ever heard of Spring4Shell? No, it’s not a new flavor of ice cream, but it sure is chilling! 🍦❄️ Let’s dive into what this bug is and why it matters! 🧵👇 #CyberSecurity #Spring4Shell #DevLife

• The most common vulnerabilities are: #Spring4Shell (CVE-2022-22965), #Log4Shell (CVE-2021-45046 and CVE-2021-44228), RCE in #Apache #ActiveMQ (CVE-2023-46604) #OpenSSF #Scorecard are helpful to quickly assess the health of open source libraries: linkedin.com/posts/francesc…

#Spring4Shell, or the #XZBackdoor, prompting us to wonder if we could be the next target. During this session, we will explore establishing a secure software development ecosystem to mitigate these security risks.

Spring4Shell: CVE-2022-22965 #tryhackme #Spring4shell #vulnerability #RCE #Java #Spring #CVE-2022-22965 #Walkthrough #InitialAccess #MuirlandOracle #SpringCore #Spring4shell via @RealTryHackMe

Spring4Shell: CVE-2022-22965 - I have just completed this room! Check it out: tryhackme.com/room/spring4sh… #tryhackme #Spring4shell #vulnerability #RCE #Java #Spring #CVE-2022-22965 #Walkthrough #SpringCore #Spring4shell via @RealTryHackMe

In new research, @bishopfox managing principal Ben Lincoln expressed disbelief that the #GWT vulnerability, which allows #RCE, hasn't been fixed in all these years, adding that the #Java deserialization bug is similar to the #Spring4Shell vulnerability bfx.social/3TwqPyq?blaid=…

#Log4Shell & #Spring4Shell proved that we need to keep our dependencies up-to-date From package managers to bots that can create changes on repositories, there are many tools. At #GOTOcph @MaritvanDijk77 will talk about keeping your dependencies in check gotocph.com/2023

Spring Cloud Function HTTP POST detected attempting to exploit a RCE vulnerability (CVE-2022-22963) #Honeypot Run of the mill #cyrptojacking #spring4shell

keyboard_arrow_left Previous keyboard_arrow_right Next

Spring4Shell: CVE-2022-22965 - I have just completed this room! Check it out: tryhackme.com/room/spring4sh… #tryhackme #Spring4shell #vulnerability #RCE #Java #Spring #CVE-2022-22965 #Walkthrough #Tutorial #InitialAccess #MuirlandOracle #SpringCore #Spring4shell via @RealTryHackMe

Great read - remember #Log4J #Spring4Shell etc. #SBOM #FDA #DeviceSecurity #Requirements #SecurityByDesign #SecDevOps #SCA #3rdpartyrisk #3rdpartysecurity #InfoSec #CyberSec #CyberSecurity #Security #CSO #CISO #ThreatModeling lnkd.in/ggrirTs2

On March 31, 2022, #Spring4Shell was announced. For some organizations, it was a real emergency. Thanks to Mend Renovate, @MSCI_Inc addressed the vulnerability in just a few hours. Here’s their full story ➡️ go.mend.io/403ojjo #MendIt #MendTogether #MendCODEfidence