#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Atlassian | Breaking Cybersecurity News | The Hacker News

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Apr 17, 2024 Encryption / Vulnerability
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage  CVE-2023-22518  (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a threat actor could take over affected systems, leading to a full loss of confidentiality, integrity, and availability. According to cloud security firm Cado, financially motivated cybercrime groups have been observed abusing the newly created admin account to install the Effluence web shell plugin and allow for the execution of arbitrary commands on the host. "The attacker uses this web shell to download and run the primary Cerber payload," Nate Bill, threat intelligence engineer at Cado,  said  in a report shared with The Hacker News. "In a default install, the Confluence applicati
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Mar 21, 2024 Database / Vulnerability
Atlassian has released patches for  more than two dozen security flaws , including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as  CVE-2024-1597 , the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it "presents a lower assessed risk" despite the criticality. "This org.postgresql:postgresql dependency vulnerability [...] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction," Atlassian  said . According to a  description  of the flaw in the NIST's National Vulnerability Database (NVD), "pgjdbc, the PostgreSQL JDBC Driver, allows attac
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Jan 17, 2024 Vulnerability / Cyber Threat
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access) CVE-2023-6549 (CVSS score: 8.2) - Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server) The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35 NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21 NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.176 NetS
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

May 15, 2024Enterprise Security / Cloud Computing
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Oct 31, 2023 Vulnerability / Data Protection
Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as  CVE-2023-22518 , the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data Center and Server are susceptible to the bug, and it has been addressed in the following versions - 7.19.16 or later 8.3.4 or later 8.4.4 or later 8.5.3 or later, and 8.6.1 or later That said, the Australian company emphasized that "there is no impact to confidentiality as an attacker cannot exfiltrate any instance data." No other details about the flaw and the exact method by which an adversary can take advantage of it have been made available, likely owing to the fact that doing so could enable threat actors to devise an exploit. Atlassian is also u
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Oct 11, 2023 Cyber Attack / Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as  Storm-0062  (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company  noted  in a series of posts on X (formerly Twitter). "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application." CVE-2023-22515 , rated 10.0 on the CVSS severity rating system, allows  remote attackers  to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Support rel
Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Oct 05, 2023 Zero Day / Vulnerability
Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as  CVE-2023-22515 , is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to 8.0.0. Confluence sites accessed via an atlassian.net domain are also not vulnerable to this issue. The enterprise software services provider  said  it was made aware of the issue by "a handful of customers." It has been addressed in the following versions of Confluence Data Center and Server - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Support release) or later The company, however, did not disclose any further specifics about the nature and scale of the exploitation, or the root cause of the vulnerability. Customers who are unable to apply the updates are advised
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Sep 22, 2023 Server Security / Vulnerability
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider  said  that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647  (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server CVE-2023-22512  (CVSS score: 7.5) - A DoS flaw in Confluence Data Center and Server CVE-2023-22513  (CVSS score: 8.5) - A RCE flaw in Bitbucket Data Center and Server CVE-2023-28709  (CVSS score: 7.5) - A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server The flaws have been addressed in the following versions - Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later) Confluence Server and Data Center (v
Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Jul 25, 2023 Server Security / Zero Day
Atlassian has  released  updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505  (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and 8.4.0) CVE-2023-22508  (CVSS score: 8.5) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 7.19.8 and 8.2.0) CVE-2023-22506  (CVSS score: 7.5) - Injection, RCE (Remote Code Execution) in Bamboo (Fixed in versions 9.2.3 and 9.3.1) CVE-2023-22505 and CVE-2023-22508 allow an "authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction," the company said. While the first bug was introduced in version 8.0.0, CVE-2023-22508 was introduc
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Feb 03, 2023 Cloud Security / Vulnerability
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The  vulnerability  is tracked as  CVE-2023-22501  (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian  said . "With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into." The tokens, Atlassian noted, can be obtained in either of the two scenarios - If the attacker is included on Jira i
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Nov 19, 2022
Australian software company Atlassian has rolled out security updates to address  two critical flaws  affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as  CVE-2022-43781  and  CVE-2022-43782 , are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system. As a temporary workaround, the company is recommending users turn off the "Public Signup" option (Administration > Authentication). "Disabling public signup would change the attack vector from an unauthenticated attack to an authenticated
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

Oct 01, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  added  a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2022-36804 , the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request. Successful exploitation, however, banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository. "All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassian  noted  in a late August 2022 advisory. CISA did
One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Jun 24, 2021
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on ( SSO ) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products," Check Point Research said in an analysis shared with The Hacker News. After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its  updates  rolled out on  May 18 . The sub-domains affected by the flaws include -  jira.atlassian.com confluence.atlassian.com getsupport.atlassian.com partners.atlassian.com developer.atlassian.com support.atlassian.com training.atlassian.com Successful exploitation of these flaws could result in a supply-ch
WebAuthn Passwordless Authentication Now Available for Atlassian Products

WebAuthn Passwordless Authentication Now Available for Atlassian Products

Jun 15, 2020
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools. Considering how popular agile has become, it's no wonder Atlassian now serves 83 percent of Fortune 500 companies and has over 10 million active users worldwide. To help create a better experience for these users,  Alpha Serve  has developed WebAuthn add-ons to bring passwordless authentication to various Atlassian products. Having a more convenient and secure way to login to their Atlassian instances should be a welcome development for development teams. How WebAuthn Works WebAuthn is a browser-based security standard recommended by World Wide Web Consortium (W3C) that allows web apps to simplif
Cybersecurity
Expert Insights
Cybersecurity Resources