Atlassian Zero-day Vulnerability Exposed

By   ISBuzz Team
Writer , Information Security Buzz | Dec 05, 2019 06:53 am PST

Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability flaw affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
December 5, 2019 2:55 pm

“This is not only a reminder for companies to keep on top of their cyber security, but it also highlights how quickly this industry moves, and that some vulnerabilities can hide under the radar. This can sometimes be because some risks are perceived to be too small or simple to take any effect. Locating a vulnerability by accident is not uncommon and this highlights the scale at which threat actors are attacking en masse – especially with attacks that may be overlooked. Companies must always patch their systems at the earliest opportunity to mitigate any zero day threats. Furthermore, antimalware software must be on all endpoints and servers and kept up-to-date.”

Last edited 4 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x