Last Week's Cyber News
- The city of Pensacola in Florida reports a partial shutdown of telephone services following a ransomware attack.
- The Scranton School District in Pennsylvania reports that some computer services are down due to a cyber-attack.
- New Zealand-based MediaWorks reports that it is investigating a cyber incident after an attacker claims to have stolen information from 2.4 million users. The attacker contacted some users directly by email and offered to delete their information for $500.
- Trend Micro published research on a Chinese attack group called Earth Krahang. According to the study, the group broke into 70 organizations, 48 of which are government institutions (Israel is not on the list).
- The international logistics and transport company Radiant Logistics reports that it was forced to shut down part of its business activity in Canada due to a cyber-attack causing various disruptions and delays in service.
Nuclear Research Institute in Dimona Breached
The Anonymous group announced that it managed to steal documents from the Nuclear Research Institute in the Negev (the Dimona nuclear reactor). The group published about 6GB of information, which includes documents from recent years related in one way or another to the center for nuclear research (financial documents, presentations, invoices for cyber products, etc.). At this stage it is not clear what the source of the information is, how sensitive it is, or whether it was taken from the center’s organizational network or from another source.
Update – the cyber-attack on the Rushim company and the impact on the various colleges that were affected
Following the attack, the Kinneret Academic College had to postpone exams, extend the deadlines for submitting theses, and more. The attack disabled some of the computer systems used by the students, and much information was corrupted by the attackers. The college states that it is working diligently to restore the materials.
Official Email Account of the Belgian Grand Prix Racetrack Hacked
Attackers hacked into the official email account of the Belgian Grand Prix racetrack and distributed a malicious email to users. In the email, sent from the official address, the attackers offered users a €50 discount on race tickets and directed them to a malicious website to enter their details.
Fujitsu Suspects Data Leak
Fujitsu reports a suspected information leak after it found employees' company computers to be infected. In the report published by the company, it states that as soon as the damage was discovered, it disconnected the affected computers from the network.
Atlassian Patches 24 Vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira Products
Atlassian announced patches for 24 vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical-severity bug that could be exploited without user interaction. Tracked as CVE-2024-1597 (CVSS score of 10) and described as an SQL injection issue, the critical-severity flaw impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server.
According to Atlassian, the issue “could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction”.
The vulnerability affects Bamboo Data Center and Server versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0, and was addressed with the release of versions 9.6.0 (LTS), 9.5.2, 9.4.4, and 9.2.12 (LTS), which also address a high-severity flaw leading to denial-of-service (DoS).
Tracked as CVE-2024-21634 (CVSS Score of 7.5) and impacting a third-party component, the DoS vulnerability was also patched in Bitbucket Data Center and Server.
Atlassian also announced patches for a high-severity path traversal in Confluence Data Center and Server and a high-severity DoS bug in a third-party dependency of the product. Confluence versions 8.8.1, 8.5.7 LTS, and 7.19.20 LTS resolve both issues.
Jira Software Data Center and Server security updates released on Tuesday address 20 high-severity vulnerabilities, including 16 leading to DoS, three leading to remote code execution (RCE), and one server-side request forgery (SSRF) bug.
Impacting various third-party dependencies and exploitable without authentication, the security defects were patched in Jira Software Data Center and Server versions 9.14.1, 9.14.0, 9.12.5 LTS, and 9.4.18 LTS.
Users are advised to update their instances to the latest version of the affected products. Atlassian makes no mention of any of these vulnerabilities being exploited in the wild.