CRITICAL: Apache Parquet Java vulnerability (CVE-2025-46762) allows RCE; upgrade to 1.15.2 immediately. #ApacheParquet #RCE #Cybersecurity

More details: https://securityonline.info/cve-2025-46762-apache-parquet-java-flaw-allows-potential-rce-via-avro-schema - https://www.flagthis.com/news/14475

#ApacheParquet exploit tool detect servers vulnerable to critical flaw

https://www.bleepingcomputer.com/news/security/apache-parquet-exploit-tool-detect-servers-vulnerable-to-critical-flaw/

#cybersecurity #Apache

Apache Parquet users, take note: a CVSS 10.0 flaw in the Java module could let attackers run arbitrary code without any user action. Is your system protected? Discover the key steps to secure your data now.

https://thedefendopsdiaries.com/understanding-and-mitigating-the-apache-parquet-cve-2025-30065-vulnerability/

#apacheparquet
#cve202530065
#datasecurity
#cybersecurity
#vulnerability

😱 Oh no, another *shocking* #security flaw! This time it's Apache Parquet, because who doesn't love a good #data #storage scare? 🙄 But wait, first you have to enable #JavaScript and #cookies to even read about it—because security is all about user inconvenience! 🍪🔐
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/ #flaw #ApacheParquet #HackerNews #ngated

Max severity RCE flaw discovered in widely used Apache Parquet

https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/

#HackerNews #MaxSeverity #RCE #ApacheParquet #SecurityFlaw #CyberSecurity #Vulnerability

Our latest post is out, check it out for the full details here 👉 https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/

If you're short on time, here's a quick rundown of the key stories:

🇦🇺 Australian Pension Funds Under Attack: A significant credential stuffing campaign hit multiple Aussie superannuation funds (Australian Super, REST, Hostplus, Insignia, ART) over the March 29-30 weekend. Attackers used stolen creds, likely targeting web portals and mobile apps, accessing accounts and unfortunately stealing funds in some cases (reports mention ~AU$500k from four Australian Super members alone). ASFA is coordinating the response. A stark reminder about password reuse and MFA effectiveness, especially during off-hours!

🏛️ Shake-up at NSA/Cyber Command: Big news out of the US – Gen. Timothy Haugh has been fired from his dual-hat role leading the NSA and USCYBERCOM after just over a year. Deputy Director Wendy Noble is also reportedly out. Reasons are murky, but speculation points towards political motivations (linked to Laura Loomer's visit with President Trump). This raises questions about stability, the ongoing 'Cybercom 2.0' review, and the future of the dual-hat structure, especially with ongoing nation-state threats.

⏱️ Incident Response Speed vs. Backups: An interesting debate highlighted recently – while backups are vital for recovery, is rapid IR potentially even more critical? It’s a tough balancing act: contain fast (risking tipping off attackers/losing evidence) or investigate thoroughly while the breach continues? Emphasises the need for skilled responders and adequate tooling, not just relying on backups as a silver bullet.

⚠️ Critical RCE in Apache Parquet (CVE-2025-30065): Heads up, data folks! A CVSS 10.0 RCE vulnerability has been found in the widely used Apache Parquet columnar storage format (up to v1.15.0). Given its use in Hadoop, AWS, Azure, GCP, and by major tech companies, the potential impact is huge. Patch to version 1.15.1 ASAP!

📱 Pentagon Probes Defense Secretary's Signal Use: The DoD's Inspector General is investigating Defense Secretary Pete Hegseth's use of Signal for official business. This follows a report where a journalist was accidentally added to a Signal chat discussing sensitive airstrike details (targets, timing). Raises concerns about classified info on unclassified apps, need-to-know, and record-keeping compliance.

The full blog post dives deeper into each of these stories and much more. Don't forget to sign up to our newsletter so you can get this daily wrap-up straight to your inbox!

📨 https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/#/portal/signup

What are your biggest takeaways from this week's news? Let's discuss below!

#CyberSecurity #InfoSec #ThreatIntel #DataBreach #CredentialStuffing #Ransomware #Phishing #Vulnerability #ApacheParquet #NSA #CyberCommand #IncidentResponse #CloudSecurity #NationalSecurity #Espionage #Privacy

A critical flaw in Apache Parquet could let attackers run code remotely on your systems—rated a perfect 10.0 for severity. Is your big data framework safe? Read up on the fix and protect your data today.

https://thedefendopsdiaries.com/addressing-the-critical-cve-2025-30065-vulnerability-in-apache-parquet/

#cve202530065
#apacheparquet
#rcevulnerability
#bigdatasecurity
#cybersecurity

Speaking tomorrow about the importance of open standards in enabling data lakehouses. Hope to see you at the SNIA Developer conference!

#DataLake #DataLakehouses #ApacheIceberg #ApacheArrow #ApacheParquet

Can you consume from a #ApacheKafka topic and write #ApacheParquet easily? It turns out that you can, using the #Bento open-source pipeline tool. I made a short video that shows how to consume from a @warpstream topic and map and write into #Parquet files. I wrap it up by querying with DuckDB and then persisting it as a DuckDB database. It's fun for the whole family.

#dataengineering #datalake #datastreaming

https://youtu.be/wurkxuorelo

For #datascience working with tabular data and especially #apacheparquet files (which I also recommend - very fast way to store your tabular data) - the little application called "Tad" is a great way to view your data between things and scroll through it. https://www.tadviewer.com

Open-source, plain, simple, and fast. Does its job very well for inspecting data for a scroll-through (and ensuring your data stores properly).

So Tessellate inherits lots of support for various data formats from Cascading
https://github.com/cwensel/cascading

Even though #apacheparquet dropped Cascading support, we were able to port it over.

Now that Parquet is native to Cascading, it should be easier to add #apacheiceberg support.

This would allow #clusterless to convert data as it arrives into Iceberg continuously for use in #aws Athena or other data front-ends.

Anyone interested in a challenge?

#aws #java

A little more color on this announcement..
https://fosstodon.org/@cwensel/110549001614086663

First, #ApacheParquet removed #Cascading support, so I had to splice the original source into Cascading. But the ParquetScheme didn't honor type information fully. So there is a new TypedParquetScheme that has native support for JSON and Timestamps.

Second, Parquet requires the #ApacheHadoop FileSystem, which means we get the wonderful S3A implementation. But we also get a 331MB jar dependency with the aws bundle.

Le format #ApacheParquet devient mainstream, il a pourtant presque 10 ans. En quoi est-il devenu un successeur crédible à #CSV ?
Quels sont ses rapports avec #ApacheArrow, ou #duckdb ? Comment l'utiliser dans #rstats ou #QGIS ?
Je vous éclaire ici 👇 :
https://www.icem7.fr/outils/parquet-devrait-remplacer-le-format-csv/

Been testing visidata (https://www.visidata.org/) for some time already, using it for quick CSV/TSV, #ApacheParquet, #sqlite data mangling/inspection.

A few weeks ago, I learned about vdsql (https://github.com/visidata/vdsql), which extends the tool to include support for database backends, and it is just a breeze to use with, for example, #duckdb:

$ vdsql really-big.duckdb

I see some minor issues with 'duckdb-engine' and calculated columns (used by vdsql/ibis), but overall it works reasonably well.