The Cybersecurity and Infrastructure Security Agency (CISA) has shared a security advisory from the software company Atlassian urging users of the Confluence application to apply the necessary updates to address a critical security vulnerability. Attackers could exploit this vulnerability to acquire sensitive information from users of the Confluence app. Atlassian reports that the vulnerability is likely to be exploited in the wild now that the hardcoded password is publicly known. Many organizations utilize Confluence for project management and for collaboration between remote workers. “The problem primarily impacts organizations using Questions for Confluence Server and Data Center versions 2.7.34, 2.7.35, and 3.0.2 of the app. However, even organizations using other versions of Confluence could potentially be affected,” according to DarkReading. The advisory also provides mitigation recommendations and information for determining if your system has been affected or not. Read more at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!