Weaknesses spotted in Atlassian web security, Russia talking cybersecurity and the EU proposes joint cybersecurity platform.
Welcome to Cyber Security Today. It’s Friday June 25. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Breaking into organizations indirectly through the applications they use has become a big worry these days, particularly after the SolarWinds platform attack. These third-party or supply chain attacks are a big concern for IT administrators because they don’t know a software supplier has been compromised until it’s too late.
The reason why I’m telling you this is security software provider Check Point Software revealed this week it discovered serious vulnerabilities in the websites supporting the platform of a company called Atlassian. It sells the Confluence team collaboration and Jira software development applications. With worries about the possibility of someone breaking into applications, Check Point decided to see if its researchers could get into Atlassian’s platform. The answer was yes. An Atlassian website could have been compromised with a common attack called cross-site scripting to leave malware. Then a victim could be sent an email or text message that appeared to come from Atlassian with a link to click on. If the victim clicked on the link they would download the malware, which would capture the logged-in session with an Atlassian application. Check Point notified Atlassian of the problems in May and they have been fixed.
The lesson here is there are lots of ways applications can be compromised. Your organization’s websites for customers are among them.
Last week’s big news was the meeting between U.S. President Joe Biden and Russian President Vladimir Putin, where cybersecurity was one item on the agenda. This was because American intelligence agencies have blamed Russian intelligence and Russian-based criminal groups for attacking critical infrastructure in the U.S. The two leaders agreed their staff would talk more about the charges. Well, this week Russia’s RIA news agency quoted the head of the country’s federal security bureau saying it will work with the U.S. to find hackers. Perhaps alluding to Putin’s allegation that hackers are also based in the U.S., the official said Russia hopes for reciprocity.
Finally, the 27-nation European Commission this week proposed creating a Joint Cyber Unit to fight cyber attacks. The combined resources of the member countries would ensure the EU co-ordinates action to prevent, deter and respond to mass cyber incidents and crises.
Don’t forget later today the Week In Review edition will be available. I’ll be talking with Dinah Davis of Arctic Wolf about the role information security professionals should play in organizations, and a new cybersecurity program for high school students in the province of New Brunswick.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.