RCE Bug in Spring Cloud Could Be the Next Log4Shell

Some researchers have dubbed it “Spring4Shell” because it is easy to exploit and Java-based, à la the Log4Shell vulnerability discovered in December.

“Spring4Shell is another in a series of major Java vulnerabilities,” Stefano Chierici, a security researcher at Sysdig, noted in materials shared with Threatpost. “It has a very low bar for exploitation so we should expect to see attackers heavily scanning the internet. Once found, they will likely install cryptominers, [distributed denial-of-service] DDoS agents, or their remote-access toolkits.”

Source: Threatpost

Eric Henry
