Security News @infosec.pub 0nekoneko7 @lemmy.world

Three-year-old Apache Flink flaw under active attack

1 comment
  • This is the best summary I could come up with:


    An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets.

    Plus, its inclusion in the catalog means federal agencies need to either close the hole in their deployments of the software or stop using the tool altogether by June 13.

    Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which added CVE-2020-17519 to the government's Known Exploited Vulnerabilities catalog on Thursday, doesn't provide much detail.

    As with all bugs added to the catalog, the Homeland Security agency warns: "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."

    This brings us to where we are today, with government agencies and bug hunters screaming into the wind about writing secure code and applying patches in a timely manner.

    That crooks are exploiting known holes isn't surprising; it would be worthwhile instead at this stage to focus on what's holding back patching, and what can be done to automate or ease it.


    The original article contains 476 words, the summary contains 188 words. Saved 61%. I'm a bot and I'm open source!