The Apache Software Foundation (ASF) has addressed a vulnerability in Kafka Connect that could enable remote code execution (RCE) attacks. The flaw was spotted by bug bounty hunter Jari Jääskelä, who received a $5,000 reward. To exploit the vulnerability, an attacker would need access to a Kafka Connect worker and be able to create or modify worker connectors. More than 80% of Fortune 100 firms use the Kafka platform.
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted
