December 11, 2024 at 08:03AM Atlassian and Splunk issued patches for numerous vulnerabilities in their products. Atlassian fixed 10 high-severity flaws in various Data Center and Server applications, while Splunk addressed over 15 vulnerabilities, including a high-severity issue in its Secure Gateway app. Users are urged to update promptly; no exploits have been reported. **Meeting … Read more
October 21, 2024 at 07:04AM Atlassian has issued patches addressing high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management, enhancing security for these platforms. **Meeting Takeaways:** 1. **Atlassian Vulnerability Patches**: Atlassian has released patches addressing high-severity vulnerabilities in three key products: – Bitbucket – Confluence – Jira Service Management 2. **Source of Information**: The announcement … Read more
September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been … Read more
July 17, 2024 at 12:54PM Atlassian released security updates to fix high-severity vulnerabilities in Bamboo, Confluence, and Jira products. Urgent attention was drawn to the Bamboo Data Center and Server updates, resolving two high-severity bugs. Patches for high-severity vulnerabilities in Confluence and Jira products were also released. Users are advised to apply patches promptly. From … Read more
July 16, 2024 at 02:01PM A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security … Read more
April 17, 2024 at 07:12AM Threat actors exploit an unpatched Atlassian server vulnerability (CVE-2023-22518) to deploy Linux Cerber ransomware. This creates a critical security risk, leading to loss of system control. Ransomware payloads are executed using a web shell, encrypting files and dropping ransom notes. The use of C++ payloads is noted, and new ransomware … Read more
March 20, 2024 at 10:51AM Atlassian patched 24 vulnerabilities in products including Bamboo, Bitbucket, Confluence, and Jira. The critical-severity bug (CVE-2024-1597) impacts org.postgresql:postgresql, could allow unauthenticated attackers to exploit assets, and affects Bamboo Data Center and Server versions 8.2.1 to 9.5.0. Atlassian also released security updates for Confluence and Jira. Users are advised to update … Read more
February 13, 2024 at 06:39AM The Midnight Blizzard and Cloudflare-Atlassian cyber incidents highlight the vulnerabilities in major SaaS platforms and the complex security challenges they face. Russian hackers breached Microsoft by leveraging legacy accounts and OAuth tokens. Cloudflare’s Atlassian systems were compromised due to unchanged Okta credentials. Such breaches emphasize the need for continuous monitoring … Read more
February 4, 2024 at 12:19PM Cloudflare disclosed a likely nation-state cyber attack involving unauthorized access to its Atlassian server, leading to exposure of documentation and source code. The breach led to rotating production credentials, system triages, and termination of malicious connections. The attacker exploited stolen credentials from other hacks, prompting increased security measures and engaging … Read more
February 1, 2024 at 08:20PM Cloudflare revealed that suspected government spies infiltrated their system by using credentials stolen from the October 2023 Okta security breach. The intruders gained access to Atlassian and other systems, potentially extracting source code and sensitive information. Cloudflare, assisted by a security firm, is working to bolster their security measures following … Read more