Security News

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
2024-11-27 11:14

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's...

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
2024-08-07 03:00

The possibility to integrate security in development processes has given rise to DevSecOps, where development and operations teams work together with security teams and all their processes are converged. The incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year.

Bitbucket artifact files can leak plaintext authentication secrets
2024-05-21 19:05

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. As developers may not be aware that these secrets are exposed in artifact files, the source code may be published to public repositories where threat actors can steal them.

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
2022-11-19 04:30

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4.

Atlassian fixes critical command injection bug in Bitbucket Server
2022-11-18 11:59

Atlassian has released updates to address critical-severity updates in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management. Rated critical, the issue in Crowd Server and Data Center is tracked as CVE-2022-43782 and is a misconfiguration that allows an attacker to bypass password checks when authenticating as the Crowd app and to call privileged API endpoints.

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
2022-10-01 06:35

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request.

CISA: Hackers exploit critical Bitbucket Server flaw in attacks
2022-09-30 17:01

The Cybersecurity and Infrastructure Security Agency has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.While Microsoft hasn't yet released security updates to address this pair of actively exploited bugs, it shared mitigation measures requiring customers to add an IIS server blocking rule that would block attack attempts.

Week in review: CISOs’ earnings per year, Atlassian Bitbucket Server and Data Center flaw
2022-09-04 08:00

US-based CISOs get nearly $1 million per yearThe role of the Chief Information Security Officer is a relatively new senior-level executive position within most organizations, and is still evolving. Patch critical flaw in Atlassian Bitbucket Server and Data Center!A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
2022-08-29 18:08

A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. As Atlassian explains in its security advisory, published mid-last week: "An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request."

Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)
2022-08-29 11:03

A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting.