Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability flaw affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.
“This is not only a reminder for companies to keep on top of their cyber security, but it also highlights how quickly this industry moves, and that some vulnerabilities can hide under the radar. This can sometimes be because some risks are perceived to be too small or simple to take any effect. Locating a vulnerability by accident is not uncommon and this highlights the scale at which threat actors are attacking en masse – especially with attacks that may be overlooked. Companies must always patch their systems at the earliest opportunity to mitigate any zero day threats. Furthermore, antimalware software must be on all endpoints and servers and kept up-to-date.”