Subnostr

Apache NiFi RCE vulnerability enables attackers to exfiltrate sensitive data. Patches and upgrades have been provided to fix the issue. The vulnerability has a high severity score and affects widely distributed installations of Apache NiFi. Unidentified hackers are selling Apache NiFi exploits on dark web forums. Mitigation measures include installing fixes, implementing network segmentation, monitoring for unusual activity, and implementing access restrictions and authentication procedures. #ApacheNiFi #Vulnerabilities

https://cybersecuritynews.com/apache-nifi-rce-vulnerability/

Reply to this note

Please Login to reply.

Discussion

Guy Swann 2y ago

nostr:note1pwwnf4t5qpytrszdye8cu0w7l66crp8vv6wyn0jv8c0q6d8nzu9smwnhay

It seems like there has been a flood of extremely serious bugs being patched in updates over just the past couple of weeks. Has anyone heard of a major leak somewhere from maybe a government agency or security appratus that is making all of this known? Or Have their been stories of these things getting exploited?

I can't decide from what angle these are coming from. Is it Ai and the decreasing costs of attack and variation on these systems, or Ai pentesting, or is this a flood of previously hidden info rising to the surface as institutional trust breaks down... or is this just a complete coincidence?

Just really curious because I feel like this has been out of the ordinary, but maybe not? 🤔

sudocarlos 2y ago

"while checking the device of an individual employed by a Washington DC-based civil society organization"

this led to the webp vulnerability disclosure which probably made google and others dig and find a vuln in vp8. haven't read about the one you linked yet

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/