Security News

Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.

Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations. Java 15-18 ECDSA doesn't sanity check that the random x coordinate and signature proof are nonzero; a signature validates any message.

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller that could be abused by an unauthenticated, remote attacker to take control of an affected system. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."

How cybercriminals are creating malicious hyperlinks that bypass security software. A report released Thursday by email security provider Avanan reveals how a coding practice called Quoted-printable is being used in phishing emails to present malicious links as legitimate.

Cloudflare sees signs of Russians increasingly turning to Western news sources to get accurate information about the situation in Ukraine. A new blog post published today by Cloudflare presents statistical evidence that the netizens of Russia are adopting blockage circumvention tools pretty aggressively to access British, American, and French news sites.

Russia has created its own trusted TLS certificate authority to solve website access problems that have been piling up after sanctions prevent certificate renewals. The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates.

The Treasury Department's Financial Crimes Enforcement Network warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine. FinCEN said [PDF] that it's critical to "Identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence."

Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein said in a deep-dive published last week.

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.