Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot

The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks. [TechWeb]( Follow Dark Reading: [RSS]( April 01, 2022 LATEST SECURITY NEWS & COMMENTARY [Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot]( The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks. [Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks]( CISA urges organizations using affected technologies to implement recommended mitigation measures. [Nation-State Hackers Ramp Up Ukraine War-Themed Attacks]( Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team. [Protecting Your Organization Against a New Class of Cyber Threats: HEAT]( Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection. [Global BEC Crackdown Nets 65 Suspects]( FBI and international law enforcement agencies execute "Operation Eagle Sweep." [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Log4j Attacks Continue Unabated Against VMware Horizon Servers]( Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says. [Security's Life Cycle Isn't the Developers' Life Cycle]( Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible. [How Security Complexity Is Being Weaponized]( As environments grow noisier, it becomes easier for attackers to intentionally create distractions. [MORE]( EDITORS' CHOICE [Zero-Day Vulnerability Discovered in Java Spring Framework]( A proof-of-concept exploit allows remote compromises of Spring Web applications. LATEST FROM THE EDGE [Companies Going to Greater Lengths to Hire Cybersecurity Staff]( The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break some hiring rules. LATEST FROM DR TECHNOLOGY [Understanding Private 5G LANs in the Enterprise]( As the technology matures and costs begin to drop, 5G LAN looks more like a realistic replacement for corporate Wi-Fi networks. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report]( - [Build a Case for a Password Manager]( - [5 Reasons To Move your PKI Deployment to the Cloud]( - [2021 Gartner Market Guide for Managed Detection and Response Report]( - [Supply Chain Cyber Risk Management Whitepaper]( [ACCESS TECH LIBRARY NOW]( - [Protecting Industrial Control Systems from Modern Threats]( A 2021 attack on an industrial control system (ICS) at a water treatment plant in a small town in Florida raised eyebrows and surfaced new fears about the risks these kind of systems face. Unfortunately, many ICS systems are working on ... - [Rethinking Asset Management to Improve Enterprise Security]( One common reason behind many enterprise security breaches is that attackers found a system, application, or device that security teams didn't know they had. Attackers can tamper with these unknown systems to make them look legitimate, and security defenders may ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns. - [How Data Breaches Affect the Enterprise]( Many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download this report to delve more into this timely topic. [MORE REPORTS]( CURRENT ISSUE [Rethinking Endpoint Security in a Pandemic and Beyond]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network]( [CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender]( [Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)