Atlassian and GitLab release patches for critical bugs.
Welcome to Cyber Security Today. It's Monday, June 6, 2022. I'm Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
I thank CIO Jim Love of IT World Canada for filling in while I was away. And now the news:
Atlassian has released security updates that must be installed immediately to fix a critical vulnerability in two of its main on-premises collaboration products. The vulnerability affects all currently supported versions of Confluence Server and Confluence Data Center. According to the company, attackers are already trying to exploit this bug, so it needs to be patched now. In a nutshell, a flaw in the expression language used to set the properties of Java objects could allow unauthenticated users to execute code on an affected Confluence server. An analyst with the SANS Institute noted that unsupported versions of Confluence may also be affected. So if you run older versions of these products, upgrade to a supported version, make sure Confluence isn't exposed to the internet, or switch to the cloud version of Confluence.
Application developers and administrators using the GitLab Community or Enterprise editions are advised to install the latest version as soon as possible, because it includes important security fixes. One of them, in the Enterprise edition, closes a vulnerability rated critical: under certain conditions, an attacker can take over a user's account if that account is not protected with two-factor authentication.
Electronics manufacturer Foxconn has confirmed that its Mexican plant was hit by ransomware late last month. The company told SecurityWeek that it is still recovering from the attack but expects the impact on overall operations to be minimal. No details of the attack were released, but the threat group operating the LockBit 2.0 ransomware recently claimed that it stole data from the facility. A Foxconn IT system in the US was attacked with ransomware in December 2020.
The IT infrastructure that helped spread the FluBot Android malware has been taken down. Europol, the European police cooperation agency, said last week that Dutch police had dismantled the infrastructure with the help of ten law enforcement agencies, including those of the US and Australia. The malware is spread by text messages asking Android users to click on a link and install an app, supposedly to track the delivery of a package or to listen to a voicemail message. Once installed, the malicious FluBot app asks the victim for accessibility permission. Those who grant it have had their passwords for financial institutions stolen. The malware spreads further because it also copies phone numbers from the victim's contact list. Europol says there are two signs that an app may be malware: if you tap it and it won't open, and if you try to uninstall it and get an error message. If you think an app might be malware, reset your smartphone to factory settings.
Finally, the annual RSA cybersecurity conference in San Francisco begins today. I will be presenting several sessions, with detailed stories on ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker. Thank you for listening. I'm Howard Solomon.