Network Security, Vulnerability Management, Threat Intelligence

CISA adds years-old Apache Flink bug to KEV catalog

SC StaffMay 24, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

(DHS)

Ongoing attacks leveraging an improper access control flaw in open source framework Apache Flink, tracked as CVE-2020-17519, have prompted the security issue's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the bug by June 13, according to The Hacker News.

Intrusions leveraging the flaw, which affects Flink versions 1.11.0, 1.11.1, and 1.11.2, could facilitate the reading of any file on the JobManager's local filesystem, as well as unauthorized data access through directory traversal requests.

No details regarding the attacks exploiting the flaw have been provided but threat actors were previously reported by Palo Alto Networks Unit 42 to had been extensively leveraging the flaw from November 2020 to January 2021.

"Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021," said Unit 42 researchers then.

SC Staff

Related

Hacker attack computer hardware microchip while process data through internet network

Network Security

Cyber threat detection capabilities of SIEM tools lagging

SC StaffJune 14, 2024

Only 19% of MITRE ATT&CK techniques leveraged by threat actors could be detected by major enterprise security information and event management tools, including those from Microsoft, Splunk, IBM, and Sumo Logic, despite the presence of data that could allow the identification of 87% of such techniques, reports SiliconAngle.

Pakistan internet security. Laptop with binary computer code an

Network Security

Persistent long-running Pakistani malware campaign discovered

SC StaffJune 14, 2024

Organizations and individuals in the government, defense, and technology sectors across India have been targeted by Pakistan-linked threat group Cosmic Leopard, also known as SpaceCobra, in attacks with the GravityRAT Android malware and HeavyLift Windows malware loader as part of Operation Celestial Force, which has been ongoing since 2018, reports The Hacker News.

Network Security

Report: Vulnerability in SolarWinds hack dismissed by Microsoft

SC StaffJune 14, 2024

Microsoft was reported by ProPublica to have ignored warnings by former employee Andrew Harris regarding the presence of the Golden SAML vulnerability in its Active Directory Federation Services offering years before it had been leveraged to facilitate the widespread SolarWinds software supply chain hack in 2020, according to CRN.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news