Rewterz

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs

August 24, 2021
Rewterz

Rewterz Threat Advisory – ICS – Delta Electronics TPEditor Vulnerability

August 25, 2021

Rewterz Threat Advisory – CVE-2021-33191 – Apache NiFi MiNiFi C++ Vulnerability

Severity

High

Analysis Summary

CVE-2021-33191

Apache NiFi MiNiFi C++ could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the agent-update command. By sending a specially-crafted c2-update command with a modified value, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the application binary.

Impact

  • Unauthorized Access

Affected Vendors

Apache

Affected Products

  • Apache NiFi MiNiFi C++ 0.5.0

Remediation

Upgrade to the latest version of Apache, available from the Apache Web site.

https://nifi.apache.org/minifi/download.html

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.