{"id":23647,"date":"2022-06-06T08:16:32","date_gmt":"2022-06-06T12:16:32","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=487100"},"modified":"2022-06-06T10:51:09","modified_gmt":"2022-06-06T14:51:09","slug":"cyber-security-today-june-6-2022-atlassian-and-github-issue-patches-for-critical-bugs","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-june-6-2022-atlassian-and-github-issue-patches-for-critical-bugs\/","title":{"rendered":"Cyber Security Today, June 6, 2022 \u2013 Atlassian and GitHub issue patches for critical bugs"},"content":{"rendered":"<p>Atlassian and GitHub issue patches for critical bugs.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Monday, June 6th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p>My thanks to IT World Canada CIO Jim Love for filling in while I was away. And now the news:<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/23329781\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Atlassian has issued<\/strong> <a href=\"https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2022-06-02-1130377146.html\" rel=\"noopener\">security updates<\/a> that have to be installed immediately to fix a critical vulnerability in two of its main on-premise collaboration products. The vulnerability affects all currently supported versions of Confluence Server and Confluence Data Center. According to the company, hackers are already trying to exploit this bug so it needs to be patched. Briefly, a hole in the language for setting properties of Java objects could allow an unauthenticated user to execute code in a Confluence environment. A SANS Institute analyst notes unsupported versions of Confluence may be affected as well. So if you have an older version of these applications either upgrade to a newer version, make sure Confluence isn\u2019t exposed to the internet or migrate to the cloud version of Confluence.<\/p>\n<p><strong>Application developers<\/strong> and administrators using GitLab Community or Enterprise editions are urged to install the latest version as soon as possible. That\u2019s because they include <a href=\"https:\/\/about.gitlab.com\/releases\/2022\/06\/01\/critical-security-release-gitlab-15-0-1-released\/\" rel=\"noopener\">important security fixes<\/a>. One, in the Enterprise Edition, closes a vulnerability rated as critical. Under certain conditions an attacker could take over the account of a user if it isn\u2019t protected with two-factor authentication.<\/p>\n<p><strong>Electronics manufacturer Foxconn<\/strong> has confirmed its Mexico factory was hit by ransomware late last month. <a href=\"https:\/\/www.securityweek.com\/foxconn-confirms-ransomware-hit-factory-mexico\" rel=\"noopener\">The company told SecurityWeek<\/a> that it is still recovering from the attack but expects the impact on overall operations will be minimal. No details of the attack were given, but the threat group that operates the LockBit 2.0 ransomware recently claimed it stole data from the facility. A Foxconn IT system in the U.S. suffered a ransomware attack in December, 2020.<\/p>\n<p><strong>The IT infrastructure<\/strong> that helped spread the FluBot Android malware has been rendered mute. <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/takedown-of-sms-based-flubot-spyware-infecting-android-phones\" rel=\"noopener\">The Europol police co-operative said<\/a> last week that Dutch police took down the infrastructure with the help of 10 law enforcement agencies, including agencies from the U.S. and Australia. The malware was installed by text messages that asked Android users to click on a link and install an application to track a package delivery, or to listen to a fake voicemail message. Once installed the malicious FluBot application would ask victims for accessibility permissions. Those who said yes had their passwords for accessing financial institutions stolen. The malware spread because it also copied phone number from victims\u2019 contact lists. Europol says there are two ways to tell whether an app is malware: If you tap it and it doesn\u2019t open, and if you try to uninstall an app you get an error message. If you think an app may be malware, reset the smartphone to factory settings.<\/p>\n<p><strong>Finally,<\/strong> the annual RSA cybersecurity conference in San Francisco begins today. I\u2019ll be covering some of the sessions with detailed stories on ITWorldCanada.com. You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I\u2019m Howard Solomon<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-6-2022-atlassian-and-github-issue-patches-for-critical-bugs\/487100\">Cyber Security Today, June 6, 2022 \u2013 Atlassian and GitHub issue patches for critical bugs<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s episode reports on critical security updates issued by Atlassian and GitHub, a ransomware attack on Foxconn and the\u00a0 takedown of the FluBot Android malware\u00a0<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-june-6-2022-atlassian-and-github-issue-patches-for-critical-bugs\/487100\">Cyber Security Today, June 6, 2022 \u2013 Atlassian and GitHub issue patches for critical bugs<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-23647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=23647"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23647\/revisions"}],"predecessor-version":[{"id":23674,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/23647\/revisions\/23674"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20700"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=23647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=23647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=23647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}