Atlassian addresses a critical Jira authentication bypass vulnerability

Atlassian, an Australian software company that develops products for software developers, has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework.

Seraph is used in its Jira and Confluence products for handling all login and logout requests via a system of pluggable core elements.

The flaw is tracked as CVE-2022-0540, and comes with a severity rating of 9.9 out of 10 on the CVSS scoring system. It allows a remote attacker to bypass authentication by sending a specially crafted HTTP request to vulnerable endpoints.

The affected products are Jira Core Server, Jira Software Server, Jira Software Data Center, Jira Service Management Server, and Jira Service Management Data Center.

Only specific versions are impacted.

Users are strongly advised to update to one of the fixed versions. If this is not possible, Atlassian recommends updating the affected apps to a version that has remediated the risk, or disabling the vulnerable apps until patching is possible.

Read more about it here.

Wind turbine manufacturer Nordex shuts down IT systems in response to cyberattack

Nordex Group, one of the largest manufacturers of wind turbines, was hit by a cyberattack that forced the company to shut down some of its IT systems.

Based in Hamburg, Germany, Nordex designs, manufactures and sells wind turbines, employing about 8,500 people.

On April 2, 2022, the company announced that on March 31, 2022, it detected it was “subject to a cyber security incident. The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business units.”

Nordex did not disclose further technical details of the cyberattack.

Read more about it here.

Hackers breached Mailchimp to phish crypto users

Mailchimp, a veteran email marketing platform, has confirmed that hackers used an internal tool on its platform to steal data from 102 of its clients, with the data being used to send phishing emails to users of cryptocurrency services.

The breach became more apparent when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails. Trezor users received emails claiming to be from Trezor, telling them that their accounts had been compromised in a data breach. The email included a link to a supposedly updated version of Trezor Suite, along with instructions on how to set up a new PIN. In reality, the email pointed to a phishing site meant to capture the contents of their digital wallets.

Users of Trezor devices have been advised to report any new phishing attempts directly to Trezor, at security@trezor.io.

Read more about it here.