Best of 2022: New Spring4Shell Zero-Day Vulnerability Confirmed: What it Is and How to Prepare

On March 29, 2022, a Chinese cybersecurity research firm leaked an attack that could impact most enterprise Java applications, globally. An investigation of the issue showed that the root cause was a ...

Log4Shell Vulnerabilities Still Plague Organizations 

Almost exactly one year after Log4Shell sent security teams scrambling to patch, more than seven in 10 (72%) of organizations are still vulnerable to the flaw. These were among the results of ...
Security Boulevard
Unsupported Versions of Java Are Dangerous

Java 7 is still a great Java deployment platform. Last month Oracle released JDK 19, with exciting new preview features like virtual threads and structured concurrency (both part of Project Loom). However, ...
Secure serverless code for free with CodeSec – Now available in AWS Marketplace

As of August 12, 2022, Contrast Security's new, free developer security tool, CodeSec, will be available in AWS Marketplace! CodeSec brings the fastest and most accurate scanner on the market right to ...
How to detect Log4j vulnerabilities in Java projects for free with CodeSec

Log4j is a popular Java logging tool with a critical cybersecurity vulnerability that gained global attention in December 2021. The U.S. Dept. of Homeland Security’s Cyber Safety Review Board stated in a ...

Java Serialisation – the gift that keeps on taking (Part 3)

In the previous post we examined particular Java Serialisation characteristics and design points that had a few unexpected consequences. In this post we'll explore more around exploiting serialisation datastreams. How it's possible to ...

Spring4Shell Marks the end of ‘Snooze Button’ Security

Spring4Shell illustrates why back-to-back attacks are a call to action for organizations to revise and prioritize security best practices ...
‘Crypto Bug of the Year’ Fixed — Update Java NOW

A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again ...