Spring4Shell Vulnerability
Executive Summary: A new zero-day vulnerability in the Spring Core Java framework dubbed ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote-code execution on applications. Spring by VMware is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as […]
Russia-Ukraine Malicious Cyber Activity
The Ukrainian government confirmed yesterday afternoon that another large-scale cyber attack is taking place; this is less than a week since websites were last targeted in a similar attack. “We’ve not seen something [like this] that’s taken it to a completely different level,” an official told the BBC. This large-scale cyber attack preceded Russia’s invasion […]
Russia-Ukraine Tensions Escalate
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is encouraging increased cyber security awareness in a new “Shields Up” advisory released last week as tensions escalate between Ukraine and Russia. Russia has threatened new invasions against Ukraine as an escalation of the Russo-Ukrainian War that began in 2014. The cyber security implications of these threats have already been […]
Solarwinds Supply Chain Attack (Sunburst Malware)
Priority: Critical Executive Summary: A highly sophisticated attack using a trojanised version of SolarWinds’ Orion software has been discovered, affecting both private and public organisations globally.1 The attack is believed to have started as early as Spring 2020 and is still ongoing, making this an imminent threat to any organisation using SolarWinds Orion. The attackers […]