According to the US government, a recently disclosed critical vulnerability in Atlassian’s Bitbucket is being actively exploited.
CISA added the dangerous flaw, tracked as CVE-2022-36804, to its catalog of Known Exploited Vulnerabilities (KEV).
Although the security hole has been patched, it is still being used as a way of getting in and stealing data for profit, which indicates that many users have not applied the patch despite having the option to install it.
CISA assessed the vulnerability in Bitbucket Server, a common web application used by software teams and development organizations, as a high-priority focus in late February.
Atlassian, an Australia-based company, disclosed the vulnerability in its Git-based source code management tool on August 24. It affects both the Server and Data Center builds, which are code hosting and collaboration tools for development teams. Server is designed for single-server deployment, while Data Center offers active-active clustering and smart mirroring.
The vulnerability was discovered through Atlassian's security bug bounty program. It was introduced in version 7.0.0 of both products and affects all later versions through 8.3.0. It is a command-injection vulnerability in a number of API endpoints that attackers could abuse, via specially crafted HTTP requests, to execute arbitrary code on vulnerable installations.
Rapid7's initial blog post about the vulnerability in the Windows operating system's Adobe Type Manager (ATM) font rendering engine stated that there were no reports of exploits in the wild as of September 20. Reports of in-the-wild exploitation then began arriving on September 25.
The researchers predicted that attention would turn to the vulnerability before exploits were found, and they were right: news of the vulnerability spread widely, and exploit attempts rose exponentially after the announcement. This tells us that a flaw draws far more interest once word about it gets out.
“Because this vulnerability has been fixed with a relatively simple patch, it’s likely that targeted exploitation has already occurred in the wild. We expect to see large-scale exploitation happening soon.”
With the recent fix, Atlassian listed seven fixed versions and recommends that all customers upgrade as soon as possible. If that is not possible, organizations should check whether their instances allow public repositories of their code and what those repositories contain, since exposed code could endanger their security.
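The affected range given above (introduced in 7.0.0, affected through 8.3.0) is easy to get wrong in an inventory script if versions are compared as strings. The following is an added example, not code from the article, from Atlassian or from CISA: it parses Bitbucket version strings numerically and triages a constructed host inventory. Because the article says Atlassian listed seven fixed versions but does not name them, the fixed-version list is a caller-supplied parameter, and the value used in the usage line is a placeholder, not Atlassian's actual fix level. Function names (`parse_version`, `is_affected`, `triage`) are this example's own.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Range stated in the article: introduced in 7.0.0, affected through 8.3.0.
INTRODUCED = (7, 0, 0)
LAST_AFFECTED = (8, 3, 0)

# Accepts "7.21.4", "v8.0", "8.3.0-rc1"; ignores any suffix after the patch number.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.].*)?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'MAJOR.MINOR[.PATCH][-suffix]' into a numeric tuple.

    Numeric comparison matters: as strings, "7.10.0" sorts before "7.9.0",
    which would misclassify hosts. Returns None for unparseable input.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: str, fixed_versions: Iterable[str] = ()) -> Optional[bool]:
    """True if the version lies in the stated affected range and is below the
    fix level for its MAJOR.MINOR line; False if outside the range or fixed;
    None if the string could not be parsed (inspect the host manually).

    `fixed_versions` holds the minimum fixed release per MAJOR.MINOR line.
    Anything newer than 8.3.0 is treated as not affected, per the stated range.
    """
    v = parse_version(version)
    if v is None:
        return None
    if not (INTRODUCED <= v <= LAST_AFFECTED):
        return False
    for fixed in fixed_versions:
        fv = parse_version(fixed)
        # Same MAJOR.MINOR line and patch level at or above the fix: not affected.
        if fv is not None and fv[:2] == v[:2] and v[2] >= fv[2]:
            return False
    return True


def triage(inventory: Dict[str, str], fixed_versions: Iterable[str] = ()) -> Dict[str, str]:
    """Map host -> 'affected' / 'not-affected' / 'unknown' for an inventory."""
    fixed = tuple(fixed_versions)
    result = {}
    for host, ver in inventory.items():
        status = is_affected(ver, fixed)
        result[host] = "unknown" if status is None else ("affected" if status else "not-affected")
    return result


if __name__ == "__main__":
    # Constructed inventory; "7.6.99" is a placeholder fix level, not Atlassian's list.
    hosts = {"bb-prod": "7.6.98", "bb-stage": "7.6.100", "bb-dev": "6.10.0", "bb-old": "unknown build"}
    for host, status in triage(hosts, fixed_versions=["7.6.99"]).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look rather than being silently counted as safe, and any version newer than 8.3.0 is classified by the range the article states, so the range constants should be updated if the vendor advisory widens it.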
The flaw was the latest problem for the Australian software shop, which also disclosed two critical flaws in July that impacted its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that could be exploited by remote and unauthenticated attackers to bypass authentication used by third-party applications. Before that was another critical flaw in Confluence in the spring of 2017.
Exchange users, stop looking so smug.
CISA added two new zero-day vulnerabilities to its list: CVE-2022-41040, a server-side request forgery vulnerability and CVE-2022-41082, a remote code execution bug. They can be exploited together to run PowerShell commands on vulnerable systems and hijack them.
There have been three serious vulnerabilities in Microsoft’s software so far this year, the most recent being a remote code execution exploit disclosed by Vietnamese cybersecurity firm GTSC. Microsoft said a single crew was able to exploit these bugs in August to install a backdoor and exfiltrate data from victims’ networks.
Microsoft’s cyber-threat response team has observed a single group of attackers behind the intrusions. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organization.”
Security experts have dubbed the new vulnerability pair ProxyNotShell for its similarities to the previously discovered ProxyShell vulnerability. Travis Smith, vice president of malware threat research at Qualys, says that thousands of systems are still vulnerable to them.
Even though many organizations responded and patched before the deadline, the Exchange vulnerabilities are also expected to see much more exploitation in the coming days.
Azure has yet to release a fix for the Exchange bugs. It has released mitigation steps, though some security researchers are questioning whether they are enough: the researcher posting as Janggggg on Twitter says the URL pattern used to detect and prevent exploitation can be circumvented, while Will Dormann has critiqued the mitigations as seemingly insufficient.
Microsoft has been struggling with security in Exchange Server, but they’ve never stopped working on ways to make it stronger. With their zero-trust principles being implemented, there will be no more security issues on the horizon.
Qualys’s Smith says Exchange is a “juicy target” for attackers.
“Exchange is an email server which means it must be connected directly to the internet,” he replied. “And being directly connected to the internet generates a potential attack surface for anyone who has access to it, increasing the risk of it being attacked from anywhere in the world.”
“In my mind, email is a mission-critical function,” said Levie. “Organizations can’t just unplug or turn off email without seriously impacting their business in a negative way.”