fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Detects Spring4Shell Attacks Across its Cloud Services

Microsoft Detects Spring4Shell Attacks Across its Cloud Services

Microsoft said that it’s currently tracking a “low volume of exploit attempts” targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.

The Spring4Shell vulnerability (tracked as CVE-2022-22965) impacts the Spring Framework, described as the “most widely used lightweight open-source framework for Java.”

“Microsoft regularly monitors attacks against our cloud infrastructure and services to defend them better,” the Microsoft 365 Defender Threat Intelligence Team said.

“Since the Spring Core vulnerability was announced, we have been tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities.”

Also Read: Revised Technology Risk Management Guidelines of Singapore

Spring4Shell exploited to deploy web shells

Microsoft further explained in their Monday report that attackers could exploit this Spring Core security flaw by sending specially crafted queries to servers running the Spring Core framework to create web shells in the Tomcat root directory.

Threat actors can then use this web shell to execute commands on the compromised server.

While some have compared this security bug’s severity level with Log4Shell, a vulnerability in the ubiquitous Apache Log4j Java-based logging library, this isn’t necessarily true given that Spring4Shell only impacts systems with a very particular configuration:

  • Running JDK 9.0 or later
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional Java web archive (WAR) and deployed in a standalone Tomcat instance; typical Spring Boot deployments using an embedded Servlet container or reactive web server are not impacted
  • Tomcat has spring-webmvc or spring-webflux dependencies

Despite this, Microsoft says that “any system using JDK 9.0 or later and using the Spring Framework or derivative frameworks should be considered vulnerable.”

Admins can check their servers to determine if they are vulnerable to Spring4Shell attacks using this nonmalicious command (an HTTP 400 response is evidence that the system is vulnerable to at least one publicly available proof of concept (PoC) exploit):

curl host:port/path?class.module.classLoader.URLs%5B0%5D=0

Warnings of ongoing exploitation

Microsoft’s discovery of ongoing attacks deploying Spring4Shell exploits against its cloud infrastructure comes after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

A Check Point report published on Tuesday estimates that CVE-2022-22965 exploitation attempts have already targeted roughly 16% of all organizations vulnerable to Spring4Shell.

Based on internally-sourced telemetry statistics, Check Point researchers detected around 37,000 Spring4Shell exploitation attempts during the last weekend alone.

On Monday, VMware also published security updates to address the Spring4Shell flaw impacting several of its cloud computing and virtualization products.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us