InfoSecBulletin Cybersecurity for mankind
CISA warns Apache Flink users about a critical vulnerability. Cybercriminals are exploiting this flaw to compromise systems.
Apache Flink is a widely used open-source platform for processing large datasets in real-time analytics, machine learning, and data-intensive applications. Its capability to handle both bounded and unbounded data streams makes it a versatile tool for organizations striving to gain insights from their data.
MITRE discloses 2024 CWE Top 25 critical software flaw
Python NodeStealer: harvest credit card and Facebook Ads Manager
Cisco Talos
Over 60% of Emails with QR Codes are spam
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2020-17519 is a vulnerability that lets attackers read files on the local filesystem of the JobManager process. This could expose sensitive data and confidential information to malicious actors.
Organizations using Apache Flink versions 1.11.0, 1.11.1, or 1.11.2 are at risk, especially if their Flink instances are exposed to the internet or untrusted networks.
Federal agencies need to update their software to Apache Flink version 1.19.0 or later by June 13, 2024, to protect their networks from security threats.
