Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

October 21, 2024 at 07:04AM Atlassian has issued patches addressing high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management, enhancing security for these platforms. **Meeting Takeaways:** 1. **Atlassian Vulnerability Patches**: Atlassian has released patches addressing high-severity vulnerabilities in three key products: – Bitbucket – Confluence – Jira Service Management 2. **Source of Information**: The announcement … Read more

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been … Read more

Atlassian Patches High-Severity Vulnerabilities in Bamboo, Confluence, Jira

July 17, 2024 at 12:54PM Atlassian released security updates to fix high-severity vulnerabilities in Bamboo, Confluence, and Jira products. Urgent attention was drawn to the Bamboo Data Center and Server updates, resolving two high-severity bugs. Patches for high-severity vulnerabilities in Confluence and Jira products were also released. Users are advised to apply patches promptly. From … Read more

Email addresses of 15 million Trello users leaked on hacking forum

July 16, 2024 at 02:01PM A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security … Read more

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

April 17, 2024 at 07:12AM Threat actors exploit an unpatched Atlassian server vulnerability (CVE-2023-22518) to deploy Linux Cerber ransomware. This creates a critical security risk, leading to loss of system control. Ransomware payloads are executed using a web shell, encrypting files and dropping ransom notes. The use of C++ payloads is noted, and new ransomware … Read more

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

March 20, 2024 at 10:51AM Atlassian patched 24 vulnerabilities in products including Bamboo, Bitbucket, Confluence, and Jira. The critical-severity bug (CVE-2024-1597) impacts org.postgresql:postgresql, could allow unauthenticated attackers to exploit assets, and affects Bamboo Data Center and Server versions 8.2.1 to 9.5.0. Atlassian also released security updates for Confluence and Jira. Users are advised to update … Read more

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

February 13, 2024 at 06:39AM The Midnight Blizzard and Cloudflare-Atlassian cyber incidents highlight the vulnerabilities in major SaaS platforms and the complex security challenges they face. Russian hackers breached Microsoft by leveraging legacy accounts and OAuth tokens. Cloudflare’s Atlassian systems were compromised due to unchanged Okta credentials. Such breaches emphasize the need for continuous monitoring … Read more

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

February 4, 2024 at 12:19PM Cloudflare disclosed a likely nation-state cyber attack involving unauthorized access to its Atlassian server, leading to exposure of documentation and source code. The breach led to rotating production credentials, system triages, and termination of malicious connections. The attacker exploited stolen credentials from other hacks, prompting increased security measures and engaging … Read more

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

February 1, 2024 at 08:20PM Cloudflare revealed that suspected government spies infiltrated their system by using credentials stolen from the October 2023 Okta security breach. The intruders gained access to Atlassian and other systems, potentially extracting source code and sensitive information. Cloudflare, assisted by a security firm, is working to bolster their security measures following … Read more

Cloudflare hacked using auth tokens stolen in Okta attack

February 1, 2024 at 03:59PM Cloudflare revealed today that its internal Atlassian server was infiltrated by a ‘nation state’ attacker, who gained access to its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The company detected the breach on November 23, severed access on November 24, and assured that customer data … Read more