On March 29th, the cyberkendra security blog posted a sensational post about a Log4Shell-equivalent zero-day vulnerability in Spring Framework, but without any solid details about the vulnerability itself.

In this article we will provide basic information regarding the Clipboard Redirection setting, which enables the copy past function in remote desktop. Once you have decided the setting’s desired value, be sure and test it to fully understand what will be its impact on your production. This is critical since you don’t want it to result in damage to production. Configuring RDS Clipboard Redirection settings is a fundamental step in the hardening project.

It is the end of the month and the end of the quarter. It has been a big one here at LimaCharlie. We have grown the team and released three new sensor types built on our new open-source adapter, and this is just the beginning. We are also starting something new. For an hour every Friday, we are going to be holding office hours starting at 9.00 AM PT.

Read also: the US charges four Russian hackers, Lapsus$ leaks 70GB of Globant data, and more.

We have built a Security Operations Center at Netskope in short order. Facing the vast expanse of the Security Operations ocean, I grabbed my board with my team and focused on doing a few things really well. We documented workflows, expanded our visibility, and tuned monitoring systems. We paddled out from shore, braving the shark-infested waters of the threat landscape.

It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.

“May you live in interesting times.” Cybersecurity professionals live this phrase every day. From supply-chain attacks, pervasive exposure from zero-day vulnerabilities, or the dramatic rise in ransomware, we undoubtedly live—and work—in interesting times.

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

As many organizations move to the cloud, CrowdStrike has noticed a significant increase in both opportunistic and targeted attacks against cloud resources, with a large number of these attacks targeting organizations’ Microsoft 365 (M365) infrastructure, often specifically around their business email service, or Exchange Online.

Editor’s note: Latest update, April 6, 2022, 7:30 p.m. U.S. EDT — This post now includes an example query to aid SOC teams in generating alerts for their specific WAF data sources. See the section “Create New Web Application Firewall (WAF) Rules” for details. A critical zero-day vulnerability in Java’s popular Spring Core Framework is being actively targeted, according to multiple reports submitted to Bleeping Computer.