Cyber Security Today, June 6, 2022 – Atlassian and GitHub issue patches for critical bugs

Share post:

Atlassian and GitHub issue patches for critical bugs. Welcome to Cyber Security Today. It’s Monday, June 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. My thanks to IT World Canada CIO Jim Love for filling in while I was away. And now the news:
Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts
Atlassian has issued security updates that have to be installed immediately to fix a critical vulnerability in two of its main on-premise collaboration products. The vulnerability affects all currently supported versions of Confluence Server and Confluence Data Center. According to the company, hackers are already trying to exploit this bug so it needs to be patched. Briefly, a hole in the language for setting properties of Java objects could allow an unauthenticated user to execute code in a Confluence environment. A SANS Institute analyst notes unsupported versions of Confluence may be affected as well. So if you have an older version of these applications either upgrade to a newer version, make sure Confluence isn’t exposed to the internet or migrate to the cloud version of Confluence. Application developers and administrators using GitLab Community or Enterprise editions are urged to install the latest version as soon as possible. That’s because they include important security fixes. One, in the Enterprise Edition, closes a vulnerability rated as critical. Under certain conditions an attacker could take over the account of a user if it isn’t protected with two-factor authentication. Electronics manufacturer Foxconn has confirmed its Mexico factory was hit by ransomware late last month. The company told SecurityWeek that it is still recovering from the attack but expects the impact on overall operations will be minimal. No details of the attack were given, but the threat group that operates the LockBit 2.0 ransomware recently claimed it stole data from the facility. A Foxconn IT system in the U.S. suffered a ransomware attack in December, 2020. The IT infrastructure that helped spread the FluBot Android malware has been rendered mute. The Europol police co-operative said last week that Dutch police took down the infrastructure with the help of 10 law enforcement agencies, including agencies from the U.S. and Australia. The malware was installed by text messages that asked Android users to click on a link and install an application to track a package delivery, or to listen to a fake voicemail message. Once installed the malicious FluBot application would ask victims for accessibility permissions. Those who said yes had their passwords for accessing financial institutions stolen. The malware spread because it also copied phone number from victims’ contact lists. Europol says there are two ways to tell whether an app is malware: If you tap it and it doesn’t open, and if you try to uninstall an app you get an error message. If you think an app may be malware, reset the smartphone to factory settings. Finally, the annual RSA cybersecurity conference in San Francisco begins today. I’ll be covering some of the sessions with detailed stories on ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon The post Cyber Security Today, June 6, 2022 – Atlassian and GitHub issue patches for critical bugs first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

Open AI and Google Both Have Major AI Announcements: Hashtag Trending for Thursday, January 16, 2025

OpenAI’s new Tasks feature hints at autonomous AI, Google unveils Titans AI with long-term memory, and where are...

WordPress Co-Founder Warns Lawsuits Could End WordPress.org: Hashtag Trending for Wednesday, January 15, 2025

WordPress Co-Founder Warns Lawsuits Could Mean The End Of  WordPress.org. Tech Leaders Launch $30M Campaign to Protect Bluesky...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways