Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability flaw affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.

Experts Comments

December 05, 2019
Jake Moore
Cybersecurity Specialist
ESET
“This is not only a reminder for companies to keep on top of their cyber security, but it also highlights how quickly this industry moves, and that some vulnerabilities can hide under the radar. This can sometimes be because some risks are perceived to be too small or simple to take any effect. Locating a vulnerability by accident is not uncommon and this highlights the scale at which threat actors are attacking en masse – especially with attacks that may be overlooked. Companies must.....Read More
“This is not only a reminder for companies to keep on top of their cyber security, but it also highlights how quickly this industry moves, and that some vulnerabilities can hide under the radar. This can sometimes be because some risks are perceived to be too small or simple to take any effect. Locating a vulnerability by accident is not uncommon and this highlights the scale at which threat actors are attacking en masse – especially with attacks that may be overlooked. Companies must always patch their systems at the earliest opportunity to mitigate any zero day threats. Furthermore, antimalware software must be on all endpoints and servers and kept up-to-date.”  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.