The cybersecurity firm was also able to prove that account takeover was possible for Atlassian accounts that are accessible by subdomains under its main website which include, ,, ,, and. We hope our latest research will help organisations to raise the awareness on supply chain attacks.” Account takeoverĬPR noted in its report on the matter that the flaws it found affect several websites maintained by Atlassian that support customers and partners though the company’s cloud-based or on-prem products are not affected. In a world where distributed workforces increasingly depend on remote technologies, it’s imperative to ensure these technologies have the best defenses against malicious data extraction. Hence, we began asking a somewhat provocative question: what information could a malicious user get if they accessed a Jira or a Confluence account? Our curiosity led us to review Atlassian’s platform, where we found security flaws. An incredible amount of supply chain information flows through these applications, as well as engineering and project management. The platforms from Atlassian are central to an organisation’s workflow. “Supply chain attacks have been piqued our interest all year, ever since the SolarWinds incident. Head of products and vulnerabilities research at CPR, Oded Vanunu explained in a statement why the company’s security researchers decided to investigate Atlassian’s platform in the first place, saying: An attacker could potentially use all of these products in a supply chain attack to target both Atlassian’s partners and customers. Getsupport.cerner.com teamviewer software#The cybersecurity firm was able to bypass Atlassian’s security measures and found security flaws in its collaboration software and developer tools.Īccording to a new blog post from CPR, an attacker could have exploited these flaws with just one click to gain access to the Atlassian Jira bug system and retrieve sensitive information on Atlassian cloud, Bitbucket and the company’s on-premises products.įor those unfamiliar, Jira is a software development tool used by over 65k customers including Visa, Cisco and Pfizer, Confluence is a team workspace used by over 60k customers including LinkedIn, NASA and the New York Times and Bitbucket is a Git-based source code repository hosting service. Following last year’s SolarWinds hack, Check Point Research (CPR) decided to investigate Atlassian to see if its platform which is used by 180,000 customers worldwide could fall victim to a similar supply chain attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |