Tag: Cybersecurity and Infrastructure Security Agency (CISA)

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security issue affecting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to its Known Exploited Vulnerabilities (KEV) database, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue is an improper access control flaw that lets an attacker read any file on the local filesystem of the JobManager through its REST interface. This means that a remote, unauthenticated attacker can submit a carefully constructed directory traversal request that would provide unwanted access to private data...

NextGen Healthcare Mirth Connect Under Attack CISA Issues Urgent Warning

Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting NextGen Healthcare Mirth Connect to its list of known exploited vulnerabilities (KEV) on Monday. The vulnerability, identified as CVE-2023-43208 (CVSS score: N/A), is a case of unauthenticated remote code execution that results from an insufficient fix for another significant vulnerability, CVE-2023-37679 (CVSS score: 9.8). The vulnerability was initially made public by Horizon3.ai in late October 2023. This January, the company posted a proof-of-concept (PoC) exploit along with other technical details. Healthcare organizations frequently employ Mirth Connect, an open-source data integration platform that enables standardized data inter...

CISA makes its “Malware Next-Gen” analysis system publicly available

After releasing a new version of "Malware Next-Gen," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is now accepting malware samples from the general public for analysis. Malware Next-Gen is a malware analysis tool that examines malware samples for suspicious artifacts. It was originally intended to let U.S. federal, state, local, tribal, and territorial government agencies submit suspicious files for automated malware detection using static and dynamic analysis technologies. CISA published a new version of the system yesterday that enables any organization or individual to contribute files. A new version of our malware analysis system, named Malware Next-Gen, has been released by the Cybersecurity and Infrastructure Security Agen...