Businesses have been at work since last week investigating whether their applications or third-party software products are vulnerable to Spring4Shell, a critical remote code execution (RCE) vulnerability impacting Spring Framework, one of the most popular development frameworks for Java applications. While exploitation attempts have already been observed in the wild, the rate at which developers are updating their Spring instances appears to be slow going.
According to Sonatype, the company that maintains Maven Central, the biggest repository of Java components and libraries, 80% of Spring downloads since March 31 when the flaw was confirmed have continued to be for vulnerable versions of the framework. Maven Central integrates with many development tools, so the data suggests that developers are not in a rush to upgrade their Spring instances.
To read this article in full, please click here
More Stories
Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?
Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities...
Critical Infrastructure at Risk From Email Security Breaches
Critical infrastructure security undermined by weakness in email protection, researchers warn Read More
Google Street View Images Used For Extortion Scams
Attackers use Google Street View images to put pressure on victims of “sextortion” scams Read More
Scam ‘Funeral Streaming’ Groups Thrive on Facebook
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends...
Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack
The suspected creator of Ghost, an encrypted communication platform allegedly used by organized crime groups worldwide, has been arrested Read...
Introducing LevelBlue’s 24/7 Managed Threat Detection and Response Service for Government
As new threat vectors emerge and cybercriminals leverage sophisticated technologies to orchestrate more targeted attacks, staying ahead of threats is...