Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.

Jake Moore, Cybersecurity Specialist
InfoSec Expert
December 5, 2019 2:55 pm

“This is not only a reminder for companies to keep on top of their cyber security, but it also highlights how quickly this industry moves, and that some vulnerabilities can hide under the radar. This can sometimes be because some risks are perceived to be too small or simple to take any effect. Locating a vulnerability by accident is not uncommon and this highlights the scale at which threat actors are attacking en masse – especially with attacks that may be overlooked. Companies must always patch their systems at the earliest opportunity to mitigate any zero day threats. Furthermore, antimalware software must be on all endpoints and servers and kept up-to-date.”

Last edited 3 years ago by Jake Moore