Atlassian and GitHub issue patches for critical bugs.
Welcome to Cyber Security Today. It’s Monday, June 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
My thanks to IT World Canada CIO Jim Love for filling in while I was away. And now the news:
Atlassian has issued security updates that have to be installed immediately to fix a critical vulnerability in two of its main on-premise collaboration products. The vulnerability affects all currently supported versions of Confluence Server and Confluence Data Center. According to the company, hackers are already trying to exploit this bug so it needs to be patched. Briefly, a hole in the language for setting properties of Java objects could allow an unauthenticated user to execute code in a Confluence environment. A SANS Institute analyst notes unsupported versions of Confluence may be affected as well. So if you have an older version of these applications either upgrade to a newer version, make sure Confluence isn’t exposed to the internet or migrate to the cloud version of Confluence.
Application developers and administrators using GitLab Community or Enterprise editions are urged to install the latest version as soon as possible. That’s because they include important security fixes. One, in the Enterprise Edition, closes a vulnerability rated as critical. Under certain conditions an attacker could take over the account of a user if it isn’t protected with two-factor authentication.
Electronics manufacturer Foxconn has confirmed its Mexico factory was hit by ransomware late last month. The company told SecurityWeek that it is still recovering from the attack but expects the impact on overall operations will be minimal. No details of the attack were given, but the threat group that operates the LockBit 2.0 ransomware recently claimed it stole data from the facility. A Foxconn IT system in the U.S. suffered a ransomware attack in December, 2020.
The IT infrastructure that helped spread the FluBot Android malware has been rendered mute. The Europol police co-operative said last week that Dutch police took down the infrastructure with the help of 10 law enforcement agencies, including agencies from the U.S. and Australia. The malware was installed by text messages that asked Android users to click on a link and install an application to track a package delivery, or to listen to a fake voicemail message. Once installed the malicious FluBot application would ask victims for accessibility permissions. Those who said yes had their passwords for accessing financial institutions stolen. The malware spread because it also copied phone number from victims’ contact lists. Europol says there are two ways to tell whether an app is malware: If you tap it and it doesn’t open, and if you try to uninstall an app you get an error message. If you think an app may be malware, reset the smartphone to factory settings.
Finally, the annual RSA cybersecurity conference in San Francisco begins today. I’ll be covering some of the sessions with detailed stories on ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon