Security News

The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.

A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. Like other enterprise-targeting ransomware operations, Black Basta will steal corporate data and documents before encrypting a company's devices.

Emotet malware attacks are back after a 10-month "Spring break" - with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. The latest activity observed by researchers occurred while Emotet was on a "Spring break." Efforts were lowkey and likely an attempt to test new tactics without drawing attention.

March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical update for Microsoft Exchange Server. Could April Patch Tuesday provide the deluge of critical updates we were expecting last month?

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions.

The CVE-2022-22963 bug exists in a Spring component called Spring Cloud Function, which is an optional module that you can use inside the Spring ecosystem to write your Spring code in what's known as a "Functional" style, where you strip back the code needed for data processing to a minimum. Patching against the CVE-2022-22963 bug is easy: if you use the Spring Cloud Function module anywhere in your Spring-based ecosystem, upgrade to version 3.1.7 or 3.2.3, depending on which of the two officially supported branches of Spring Cloud Function you have.

Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed 'Spring4Shell' was briefly published on GitHub and then removed.

Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it's a nasty one. This is a severe remote code execution zero day that can be accessed over HTTP or HTTPS. "Spring have acknowledged the vulnerability and released 5.3.18 and 5.2.20 to patch the issue," said Sonatype, "We recommend an immediate upgrade for all users."

A zero-day remote code execution vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system.

VMWare Spring is a open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the "Server" part of the process yourself. You don't need to worry about, or even care, what sort of server your code is running on: it could be a server of your own, set up and managed by your colleagues in IT; or a cloud instance hosted and executing on a popular cloud service provider.