Craig Pepper
November 6, 2023
5 Min Read

Threat Report 06.11.23

Critical Confluence Vulnerability

Atlassian recently issued a warning regarding a critical security flaw in Confluence Data Center and Server, denoted as CVE-2023-22518. This vulnerability, rated at 9.1 on the CVSS scoring system, poses a significant threat to data integrity if exploited by an unauthenticated attacker. Described as an "improper authorization vulnerability," it affects all versions of Confluence Data Center and Server.

To mitigate this risk, Atlassian has released patches in the following versions:

  • 7.19.16 or later
  • 8.3.4 or later
  • 8.4.4 or later
  • 8.5.3 or later
  • 8.6.1 or later

While there is no impact on confidentiality, Atlassian urges users to take immediate action. For instances accessible to the public internet, disconnection is recommended until the patch is applied. Additionally, users running versions outside the support window should upgrade to a fixed version. Notably, Atlassian Cloud sites remain unaffected.

The Update

Atlassian has reemphasized the need for customers to apply the patches promptly following the public release of critical information about the vulnerability. Although there are no reported exploits, immediate action is advised to safeguard instances.

Risk:

The risk associated with CVE-2023-22518 is considerable, with the potential for significant data loss. While confidentiality remains intact, immediate action is crucial to prevent exploitation.

Recommendations:

  • Apply patches promptly: Users are advised to update to the specified versions to mitigate the vulnerability.
  • Disconnect instances: Instances accessible to the public internet should be temporarily disconnected until the patch is applied.
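As an added example (not Atlassian tooling, and not part of the original report), the short Python triage below checks a constructed inventory of Confluence instances against the fixed releases listed above, so that unpatched internet-facing hosts can be isolated first. The hostnames and versions are made up; the "check-advisory" outcome for versions newer than the highest listed fix is this example's own convention, since the advisory text quoted here does not cover those branches.

```python
"""Triage Confluence Data Center/Server versions against the fixed releases
Atlassian lists for CVE-2023-22518 (7.19.16, 8.3.4, 8.4.4, 8.5.3, 8.6.1).

Added example for this report, not Atlassian tooling. The inventory below is
constructed sample data.
"""
from typing import Dict, List, Tuple

# Lowest fixed version on each release branch, as listed in the advisory text.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (7, 19): (7, 19, 16),
    (8, 3): (8, 3, 4),
    (8, 4): (8, 4, 4),
    (8, 5): (8, 5, 3),
    (8, 6): (8, 6, 1),
}
HIGHEST_FIXED = max(FIXED_VERSIONS.values())  # (8, 6, 1)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(version_text: str) -> str:
    """Classify one instance:
      'patched'          -> on a fixed branch, at or above the fixed release
      'vulnerable'       -> on a fixed branch, below the fixed release
      'upgrade-required' -> branch has no listed fix (e.g. 7.13.x, 8.0-8.2);
                            the advisory says to move to a fixed version
      'check-advisory'   -> newer than the highest listed fix; not covered by
                            the text quoted here (assumption: verify with vendor)
    """
    v = parse_version(version_text)
    branch = (v[0], v[1])
    if branch in FIXED_VERSIONS:
        return "patched" if v >= FIXED_VERSIONS[branch] else "vulnerable"
    if v > HIGHEST_FIXED:
        return "check-advisory"
    return "upgrade-required"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the unpatched ones can be isolated
    or upgraded first, as the advisory recommends."""
    groups: Dict[str, List[str]] = {}
    for host, ver in inventory.items():
        groups.setdefault(assess(ver), []).append(host)
    return groups


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "wiki-prod.example.internal": "8.5.2",
    "wiki-dr.example.internal": "8.5.3",
    "wiki-legacy.example.internal": "7.19.16",
    "wiki-old.example.internal": "7.13.2",
    "wiki-eng.example.internal": "8.2.0",
    "wiki-new.example.internal": "8.7.0",
}

if __name__ == "__main__":
    for outcome, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{outcome:17s} {', '.join(hosts)}")
```

Feed the script your real inventory (for example, the version string from each instance's "About Confluence" page) and treat everything outside "patched" as a host to disconnect from the public internet until it is upgraded.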

Okta Support System Hack

Okta recently experienced a security breach in its support system, attributing it to an employee logging into a personal Google account on a company-managed laptop. This internal lapse exposed credentials that led to the unauthorized access of files associated with 134 Okta customers.

From September 28, 2023, to October 17, 2023, a threat actor gained access to files, including HAR files containing session tokens. These tokens were subsequently used for session hijacking attacks on five customers. The compromised account had permissions to view and update customer support cases.

The credentials were most likely exposed through the compromise of the employee's personal Google account or device. Okta acknowledged a failure of internal controls during the 14-day investigation, in which the suspicious downloads were not identified promptly.

Risk:

The breach poses a risk of session hijacking and unauthorized access to customer support cases, impacting the security of affected customers.

Recommendations:

  • Strengthen internal controls: Okta should enhance monitoring and detection mechanisms to promptly identify suspicious activities.
  • Employee awareness: Emphasize the importance of secure practices, especially regarding personal accounts on company-managed devices.
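The session tokens that made this incident possible sat inside HAR files that customers had uploaded to support. As an added example (not Okta's tooling, and not part of the original report), the Python below redacts session material from a HAR file before it leaves the customer's hands, and counts what it scrubbed so the analyst can confirm the file still has its URLs, status codes and timings but no replayable tokens. The HAR is a constructed minimal capture of a made-up tenant, with every secret prefixed CONSTRUCTED-; the header and parameter names are common cases, not a complete list.

```python
"""Redact session material from a HAR file before sharing it with a support
desk. Added example for this report; it is not Okta's tooling. The HAR below
is a constructed minimal capture, and the header/parameter names are common
cases rather than a complete list.
"""
import json
import re
from typing import Any, Dict, Tuple

REDACTED = "[REDACTED]"
# Header names whose values carry credentials or session identifiers.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
# Parameter names / body fragments that commonly carry tokens (deliberately
# broad: a false positive costs a little debugging context, a miss costs a session).
SENSITIVE = re.compile(r"token|session|sid|password|secret|code", re.I)


def sanitize_har(har: Dict[str, Any]) -> Tuple[Dict[str, Any], Dict[str, int]]:
    """Return a deep copy of `har` with session material replaced, plus counts
    of what was scrubbed. URLs, status codes and timings survive, so the file
    still helps support, but it no longer carries replayable tokens."""
    cleaned = json.loads(json.dumps(har))  # HAR is plain JSON: cheap deep copy
    stats = {"headers": 0, "cookies": 0, "params": 0, "bodies": 0}
    for entry in cleaned.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side, {})
            for h in part.get("headers", []):
                if h.get("name", "").lower() in SENSITIVE_HEADERS:
                    h["value"], stats["headers"] = REDACTED, stats["headers"] + 1
            for c in part.get("cookies", []):  # parsed cookie objects
                if "value" in c:
                    c["value"], stats["cookies"] = REDACTED, stats["cookies"] + 1
        req = entry.get("request", {})
        post = req.get("postData", {})
        for p in req.get("queryString", []) + post.get("params", []):
            if SENSITIVE.search(p.get("name", "")):
                p["value"], stats["params"] = REDACTED, stats["params"] + 1
        # Raw form bodies and token-endpoint responses echo the secret itself,
        # so redact the whole text when it looks like it carries one.
        for body in (post, entry.get("response", {}).get("content", {})):
            if "text" in body and SENSITIVE.search(body["text"]):
                body["text"], stats["bodies"] = REDACTED, stats["bodies"] + 1
    return cleaned, stats


def leaks_remaining(har: Dict[str, Any], marker: str = "CONSTRUCTED-") -> int:
    """Count occurrences of `marker` in the serialised HAR; used here to show
    that the constructed secrets (all prefixed CONSTRUCTED-) are gone."""
    return json.dumps(har).count(marker)


def _entry(method, url, req_headers, req_cookies, res_headers, res_cookies,
           res_text, post=None):
    e = {"request": {"method": method, "url": url, "headers": req_headers,
                     "cookies": req_cookies, "queryString": []},
         "response": {"status": 200, "headers": res_headers, "cookies": res_cookies,
                      "content": {"mimeType": "application/json", "text": res_text}}}
    if post:
        e["request"]["postData"] = post
    return e


# Constructed minimal HAR: two requests to a made-up tenant (hypothetical
# hostname), every secret prefixed CONSTRUCTED- so it is obviously fake.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    _entry("GET", "https://tenant.example.invalid/api/v1/users/me",
           [{"name": "Host", "value": "tenant.example.invalid"},
            {"name": "Cookie", "value": "sid=CONSTRUCTED-SID-1"},
            {"name": "Authorization", "value": "Bearer CONSTRUCTED-ACCESS-1"}],
           [{"name": "sid", "value": "CONSTRUCTED-SID-1"}],
           [{"name": "Content-Type", "value": "application/json"},
            {"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SID-2; HttpOnly"}],
           [{"name": "sid", "value": "CONSTRUCTED-SID-2"}],
           '{"id": "00u1"}'),
    _entry("POST", "https://tenant.example.invalid/oauth2/v1/token",
           [{"name": "Content-Type", "value": "application/x-www-form-urlencoded"}],
           [], [], [],
           '{"access_token": "CONSTRUCTED-ACCESS-2", "refresh_token": "CONSTRUCTED-REFRESH-2"}',
           post={"params": [{"name": "grant_type", "value": "refresh_token"},
                            {"name": "refresh_token", "value": "CONSTRUCTED-REFRESH-1"}],
                 "text": "grant_type=refresh_token&refresh_token=CONSTRUCTED-REFRESH-1"}),
]}}

if __name__ == "__main__":
    clean, stats = sanitize_har(SAMPLE_HAR)
    print(stats, "secrets left:", leaks_remaining(clean))
```

Sanitising on the customer side removes the value of the file to anyone who later steals it from the support system; on the vendor side, the same counts give a cheap detection signal, since a HAR that still carries live cookies or bearer tokens at upload time should be quarantined rather than stored alongside the case. Session tokens already captured in a HAR should be treated as exposed and revoked regardless.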

BlackCat Ransomware Targets Henry Schein

The BlackCat ransomware group claims to have successfully breached Henry Schein, a major healthcare company, compromising a significant amount of data, including employee payroll and shareholder information. Despite Henry Schein's proactive measures, the group, which is known for targeting a range of sectors, disrupted the company's systems and demanded a ransom deal.

On October 15, Henry Schein temporarily shut down some systems in response to the cyberattack, implementing precautionary measures to contain the incident. While certain business operations experienced disruptions, the Henry Schein One practice management software remains unaffected.

Approximately two weeks later, the BlackCat group claimed on its dark web leak site to have breached Henry Schein's systems and exfiltrated 35 terabytes of sensitive files. It also claimed to have re-encrypted the company's devices, citing failed negotiations.

Risk:

The breach poses a significant risk to sensitive data, including employee payroll and shareholder information. Business operations were temporarily disrupted, affecting Henry Schein's services.

Recommendations:

  • Strengthen cybersecurity measures: Henry Schein should enhance its cybersecurity protocols to prevent future attacks.
  • Incident response improvement: Evaluate and improve incident response procedures to minimize disruptions and secure sensitive data.