OpenSSL released version 3.0.7 with security fixes for High Severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are. Am I affected by open SSL vulnerabilities? At this moment it seems that OpenSSL…

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite…

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to …

Why is OWASP a Good Framework The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released…

Updates: 30-Dec-2021: Clarified attack scenario for Log4j 1.x CVE-2021-4104 29-Dec-2021: Updated remediation guidance to include CVE-2021-44832 22-Dec-2021: Added details for the latest version of Log4J for Java 6 and Java 7 20-Dec-2021: Updated Am I affected, Remediation and Off-the-…

The Open Web Application Security Project (aka OWASP) recently announced its latest updates to the venerable OWASP Top Ten list. This publication is meant to bring attention to the most common classes of software-related security issues facing developers and organizations…