Alleged RCE Vulnerability Discovered in Spring Framework

Updates: April 5, 2022, 12 p.m. ET: The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…

7 Ways to Prevent Ransomware Attacks

With ransomware demands in the millions, companies are beginning to prioritize investment in their ransomware resilience strategy to avoid the severe financial, operational, and reputational costs of being the victim of an attack. In fact, ransomware planning ranked as the top initiative for retail and hospitality CISOs in RH-ISAC’s recent 2021 CISO Benchmark Report, but…

5 Challenges for Hybrid Cloud Security

Businesses interested in scaling up operations are turning to hybrid cloud environments as a cost-effective solution. Hybrid clouds provide the best of both worlds, allowing companies to expand their network without investing in additional, costly on-premises servers that must be maintained. Instead, they can keep their highly sensitive data securely stored on premises where they…

Okta Breach Update and Analysis

Details continue to emerge regarding the Lapsus$ breach of Okta systems and the impact of the incident on Okta customers and the broader security community. On March 21, 2022, the Lapsus$ cyber threat group posted screenshots on their Telegram channel demonstrating that the group had gained superuser access to Okta systems and access to Okta…
