Cyber Security Today, June 6, 2022 – Atlassian and GitHub release fixes for critical bugs
Atlassian and GitHub release fixes for critical bugs.
Welcome to Cyber Security Today. Today is Monday, June 6, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
My thanks to the CIO of IT World Canada, Jim Love, for replacing me during my absence. And now the news:
Atlassian published security updates that need to be installed immediately to fix a critical vulnerability in two of its key on-premises collaboration products. The vulnerability affects all currently supported versions of Confluence Server and Confluence Data Center. According to the company, hackers are already trying to exploit this bug, so patching cannot wait. In short, a hole in the language Confluence uses to set Java object properties could allow an unauthenticated user to run code in a Confluence environment. A SANS Institute analyst notes that unsupported versions of Confluence may also be affected. So if you have an older version of these apps, upgrade to a newer version, make sure Confluence is not exposed to the internet, or migrate to the cloud version of Confluence.
Application developers and administrators using GitLab Community or Enterprise editions are advised to install the latest version as soon as possible, because the releases include important security patches. One, in the Enterprise edition, closes a vulnerability classified as critical: under certain conditions, an attacker could take control of a user’s account if it is not protected by two-factor authentication.
Electronics manufacturer Foxconn confirmed that its Mexican factory had been hit by ransomware late last month. The company told SecurityWeek it is still recovering from the attack, but expects the impact on overall operations to be minimal. No details of the attack were given, but the threat group that operates LockBit 2.0 ransomware recently claimed to have stolen data from the facility. A Foxconn computer system in the United States suffered a ransomware attack in December 2020.
IT infrastructure that helped spread the FluBot Android malware has been silenced. Police cooperative Europol said last week that Dutch police had taken down the infrastructure with the help of 10 law enforcement agencies, including US and Australian agencies. The malware was installed via text messages asking Android users to click a link and install an app to track the delivery of a package or listen to a fake voicemail message. Once installed, the FluBot malicious app would ask victims for accessibility permissions. Those who granted them had the passwords they used to access financial institutions stolen. The malware spread because it also copied phone numbers from victims’ contact lists. According to Europol, there are two signs that an app is malware: you tap on it and it won’t open, or you try to uninstall it and get an error message. If you suspect an app may be malware, reset the smartphone to factory settings.
To finish, the annual RSA Cybersecurity Conference in San Francisco begins today. I will be covering some of the sessions with detailed stories on ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I am Howard Solomon.