Podcasts about atlassian confluence

  • 29PODCASTS
  • 35EPISODES
  • 48mAVG DURATION
  • ?INFREQUENT EPISODES
  • Dec 9, 2024LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about atlassian confluence

Latest podcast episodes about atlassian confluence

CISSP Cyber Training Podcast - CISSP Training Program
CCT 200: Understanding Account Provisioning (CISSP Domain 5)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Dec 9, 2024 40:18 Transcription Available


Send us a textUnlock the secrets of safeguarding your digital empire with an urgent cybersecurity update from Sean Gerber on the CISSP Cyber Training Podcast. Imagine a vulnerability so severe it's rated at a critical level of 10—this is the reality for Atlassian Confluence users, and immediate action is non-negotiable. Arm yourself with strategies from CISSP domain 5.5.1 that shape the provisioning, onboarding, and maintenance of systems. Learn how to craft robust account management plans that are the keystone in your organization's defense against breaches.Transform your team into a frontline defense force with our insights on creating impactful employee security awareness training. We tackle the power of a simple one-page document to revolutionize your approach, especially if you're the lone security warrior in your firm. Discover how understanding industry standards like GDPR and CMMC can empower your workforce to act as vigilant sensors against potential threats. We also touch on how to navigate the complexities of multinational teams, ensuring inclusive and effective cybersecurity dialogues.Close the doors on security threats by mastering the deprovisioning and offboarding processes. Elevate your knowledge with the significance of automating the removal of stale accounts, reducing the risk of hackers exploiting overlooked credentials. Dive deep into Role-Based Access Control (RBAC) and password management strategies that align permissions with job roles, simplifying security while mitigating risks. With compelling insights into password policies and the need for senior leadership buy-in, you'll be equipped to advocate for enhanced security measures that protect your organization.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

discover dive transform account elevate arm gdpr domain cissp provisioning atlassian confluence sean gerber role based access control rbac
The Daily Decrypt - Cyber News and Discussions
Fake Browser Updates, Atlassian RCE Exploit, glup-debugger-log

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Jun 4, 2024


In today's episode, we discuss fake browser updates distributing BitRAT and Lumma Stealer via Discord (https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html), a malicious npm package targeting Gulp users with a RAT (https://thehackernews.com/2024/06/researchers-uncover-rat-dropping-npm.html), and the high-severity Atlassian Confluence RCE vulnerability (CVE-2024-21683) for which a PoC is now available (https://www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/). Tune in to learn about these critical cybersecurity threats and how you can protect your systems.Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Browser Updates, Cybersecurity Threat, BitRAT, Lumma Stealer, eSentire, Fake Browser Updates, Discord, Malicious npm Package, Gulp Toolkit, Remote Access Trojans, Software Supply Chain Attacks, CVE-2024-21683, Atlassian Confluence, Remote Code Execution, Cyber Attackers, Cybersecurity Researchers, Downloader Malware, Exploit, Developer Security, Cyber Attack Mitigation Search Phrases: How to avoid fake browser updates BitRAT malware detection What is Lumma Stealer Discord used for malware distribution Malicious npm packages 2024 Latest remote access trojans CVE-2024-21683 Atlassian Confluence vulnerability Protect against software supply chain attacks eSentire cybersecurity report Remote code execution in Atlassian Confluence https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html Rise of Fake Browser Updates as Malware Vectors: Cybercriminals now use fake browser updates to distribute BitRAT and Lumma Stealer malware. These attacks typically start when users visit compromised websites that redirect them to fraudulent update pages. Actionable Insight: Avoid downloading updates from unfamiliar sources; always verify the legitimacy of update prompts through official channels. Discord as a Malware Distribution Platform: Attackers use Discord to host malicious files, leveraging its widespread use among legitimate users. Bitdefender found over 50,000 harmful links on Discord in the past six months. Actionable Insight: Exercise caution when downloading files from Discord and report suspicious links to platform moderators. Sophisticated Attack Chain Mechanisms: Attacks involve JavaScript and PowerShell scripts within ZIP files to execute malware. These scripts load additional payloads disguised as PNG image files, adding a layer of obfuscation. Actionable Insight: Use advanced endpoint protection that can detect and mitigate script-based attacks. BitRAT and Lumma Stealer Capabilities: BitRAT can harvest data, mine cryptocurrency, and take control of infected devices. Lumma Stealer, available for rent, steals information from web browsers and crypto wallets. Actionable Insight: Regularly update and patch software, employ strong passwords, and use multi-factor authentication to protect sensitive information. Emerging Threats: Drive-by Downloads and Malvertising: Fake browser update attacks often utilize drive-by downloads and malvertising techniques. Recent campaigns trick users into manually executing malicious PowerShell code under the guise of browser updates. Actionable Insight: Educate users on the risks of drive-by downloads and ensure robust network defenses are in place. Lumma Stealer's Growing Popularity: Lumma Stealer logs for sale increased by 110% from Q3 to Q4 2023, indicating its effectiveness and high success rate. Actionable Insight: Implement continuous monitoring and threat intelligence to detect and respond to emerging threats promptly. Exploiting Pirated Software: Attackers use pirated software and adult game installers to distribute various malware, including Orcus RAT and XMRig miner. Actionable Insight: Avoid using pirated software and educate users about the risks involved. CryptoChameleon's DNSPod Utilization: CryptoChameleon uses DNSPod servers for fast flux evasion, making it difficult to track and mitigate. Actionable Insight: Employ advanced DNS security measures and stay updated on threat actor tactics to enhance detection capabilities. Malicious npm Package Alert: Cybersecurity researchers discovered a suspicious npm package named "glup-debugger-log" targeting Gulp users. This package aims to drop a remote access trojan (RAT) on compromised systems. [Source: Phylum] Target Audience: The malicious package specifically targets developers using the Gulp toolkit by posing as a logger for Gulp plugins. So far, it has been downloaded 175 times. [Source: Phylum] Technical Breakdown: The package contains two obfuscated files working together. One file acts as an initial dropper to compromise the target machine and download additional malware. The other file provides persistent remote access to the attacker. [Source: Phylum] Detection Evasion: The malware includes checks for network interfaces, specific Windows OS types, and the number of files in the Desktop folder. This step likely aims to avoid deployment in controlled environments like virtual machines (VMs) or new installations. [Source: Phylum] Persistence Mechanism: If all checks pass, the malware launches another script to set up persistence and execute commands from a URL or local file. It establishes an HTTP server on port 3004 to listen for incoming commands. [Source: Phylum] Capabilities: The RAT can execute arbitrary commands and send the output back to the attacker. Despite its minimal functionality, the malware is sophisticated due to its obfuscation techniques and targeted approach. [Source: Phylum] Industry Implications: This discovery highlights the evolving landscape of malware in open-source ecosystems. Attackers are increasingly using clever techniques to create compact, efficient, and stealthy malware. [Source: Phylum] Critical Update Alert: If you self-host Atlassian Confluence Server or Data Center, immediately upgrade to the latest version to fix a remote code execution (RCE) flaw, CVE-2024-21683. The PoC and technical details are already public. (Source: SonicWall) Vulnerability Details: CVE-2024-21683 allows attackers to exploit Confluence via a specially crafted JavaScript language file, with no user interaction required. However, attackers must be logged in and have privileges to add new macro languages. (Source: SonicWall) Technical Insight: The flaw lies in the input validation mechanism of the 'Add a new language' function in the 'Configure Code Macro' section. Insufficient validation allows the injection of malicious Java code. (Source: SonicWall) Exploit Conditions: To exploit, an attacker needs network access to the system, the ability to add new macro languages, and a forged JavaScript file containing malicious Java code. (Source: SonicWall) Proof of Concept: A working PoC is available on GitHub, showcased by security researcher Huong Kieu, highlighting the ease with which this vulnerability can be weaponized. (Source: GitHub) Upgrade Urgency: Given Confluence's critical role in many organizations' knowledge bases, users are strongly advised to upgrade to the latest versions as per the vendor advisory to mitigate potential exploits. (Source: SonicWall) Impact and Mitigation: The vulnerability has a high impact on system confidentiality, integrity, and availability. SonicWall has released IPS signatures (4437 and 4438) to protect against exploitation. (Source: SonicWall) Listener Engagement: Have you upgraded your Confluence instance yet? What's your strategy for handling such critical updates? Share your thoughts with us!

The CyberWire
The mother of all data breaches.

The CyberWire

Play Episode Listen Later Jan 23, 2024 31:49 Very Popular


The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a webkit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch and online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Microsoft Security's Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.  Selected Reading Mother of All Breaches: ​a Historic Data Leak Reveals 26 Billion Records (Cybernews) CISA's Easterly the target of ‘harrowing' swatting incident (The Record) AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour) Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube) Medibank hack: Russian sanctioned over Australia's worst data breach (BBC) Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer) iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors) UK water company that serves millions confirms system attackIndian ISP Hathway Data Breach (The Record) Hacker Leaks 4 Million Users, KYC Data (HACKREAD) Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media) HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register) HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

It's 5:05! Daily cybersecurity and open source briefing
Episode 252: Edwin Kwan: Equifax Ltd fined £11 million for Preventable Cybersecurity Breach; Ian Garrett: 10 Hidden Costs Draining CISO Security Budgets (Part 1); Mark Miller: Follow Up to Atlassian Confluence Level 10 Vulnerability Alert; Marcel Brown:

It's 5:05! Daily cybersecurity and open source briefing

Play Episode Listen Later Oct 17, 2023 8:51


Free, ungated access to all 250+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

Cyber Security Today
Cyber Security Today, Oct. 13, 2023 -- A ransomware gang offers cash for employees to betray their firms

Cyber Security Today

Play Episode Listen Later Oct 13, 2023 5:00


Hackers are trying to exploit unpatched Atlassian Confluence servers and Progress Software WS_FTP file transfer software, and more

Cyber Security Headlines
Hijacked 404 pages, Chinese attackers target Confluence, Adobe's "icon of transparency"

Cyber Security Headlines

Play Episode Listen Later Oct 12, 2023 7:21


404 pages hijacked Atlassian Confluence attacked by state-backed actors Adobe's “icon of transparency” Thanks to today's episode sponsor, Hyperproof It's more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That's where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.

Talion Threat Set Radio
Threat Bulletin #238

Talion Threat Set Radio

Play Episode Listen Later Oct 6, 2023 6:19


New BunnyLoader MaaS becomes popular due to features and pricing.Atlassian Confluence under active exploitation from new 0-day.Looney Tunables vulnerability enables root on popular Linux distros.

threats linux bulletin atlassian confluence
Security Now (MP3)
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

Security Now (MP3)

Play Episode Listen Later Aug 3, 2022 133:24 Very Popular


Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow

Security Now (Video HD)
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

Security Now (Video HD)

Play Episode Listen Later Aug 3, 2022 133:24 Very Popular


Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow

Security Now (Video HI)
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

Security Now (Video HI)

Play Episode Listen Later Aug 3, 2022 133:24


Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow

Security Now (Video LO)
SN 882: Rowhammer's Nine Lives - TLS-Anvil, Chrome cookies stick around, Atlassian Confluence under attack

Security Now (Video LO)

Play Episode Listen Later Aug 3, 2022 133:24


Picture of the Week. Atlassian's "Confluence" under attack. LS-Anvil. Google delays Chrome's cookie phase-out again. Attacker responding to loss of Office Macros. SpinRite. Closing The Loop. RIP: Nichelle Nichols. "The Dropout" on Hulu and "WeCrashed" on AppleTV+. Winamp releases new version after four years in development. Rowhammer's Nine Lives. We invite you to read our show notes at https://www.grc.com/sn/SN-882-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: tanium.com/twit itpro.tv/securitynow use code: SN30 grammarly.com/securitynow

Paul's Security Weekly TV
Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205

Paul's Security Weekly TV

Play Episode Listen Later Jul 29, 2022 40:13


Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

Decipher Security Podcast
Source Code 7/29

Decipher Security Podcast

Play Episode Listen Later Jul 29, 2022 5:49


In this week's Source Code podcast, Decipher discusses a reissued Security Directive from the TSA, new Microsoft research and a hearing with the House Select Committee on Intelligence about cyber mercenary groups,  and an actively exploited Atlassian Confluence bug.

Application Security Weekly (Video)
Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205

Application Security Weekly (Video)

Play Episode Listen Later Jul 29, 2022 40:13


Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

Paul's Security Weekly TV
Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205

Paul's Security Weekly TV

Play Episode Listen Later Jul 26, 2022 40:13


Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

Paul's Security Weekly
ASW #205 - Ferruh Mavituna

Paul's Security Weekly

Play Episode Listen Later Jul 25, 2022 76:47


Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw205

dirty dancing pressured vuln oauth appsec atlassian confluence invicti invicti security ferruh mavituna
Application Security Weekly (Audio)
ASW #205 - Ferruh Mavituna

Application Security Weekly (Audio)

Play Episode Listen Later Jul 25, 2022 76:47


Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.   Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw205

dirty dancing pressured vuln oauth appsec atlassian confluence invicti invicti security ferruh mavituna
Cyber Security Today
Cyber Security Today, June 27, 2022 - A warning to firms using VoIP systems, malicious files in an open source Python registry, and more

Cyber Security Today

Play Episode Listen Later Jun 27, 2022 4:59


This episode reports on how a vulnerability in a VoIP system, nearly led to a ransomware attack, why files in open source registries should be handled with care, and a hacker is selling access to compromised Atlassian Confluence servers

ScanNetSecurity 最新セキュリティ情報
Atlassian Confluence において URI の検証不備により遠隔から任意のコードが実行可能となる脆弱性(Scan Tech Report)

ScanNetSecurity 最新セキュリティ情報

Play Episode Listen Later Jun 21, 2022


2022 年 6 月に、Atlassian 社の Confluence に遠隔からの任意のコード実行が可能となる脆弱性が報告されています。

scan tech report atlassian confluence
Talion Threat Set Radio
Threat Bulletin #173

Talion Threat Set Radio

Play Episode Listen Later Jun 9, 2022 7:46


Two recent flaws can be combined to create very sophisticated phishing attacks.Dridex authors EvilCorp become a LockBit affiliate, likely in another effort to evade sanctions.POC code released for “trivial” to exploit Atlassian Confluence vulnerability.

Sophos Podcasts
S3 Ep86: The crooks were in our network for HOW long?!

Sophos Podcasts

Play Episode Listen Later Jun 8, 2022 23:18


The dawn of the x86 era. The Active Adversary Playbook. A sort-of zero day in Windows. A real-life zero-day in Atlassian Confluence. And the registry settings that could keep you in your job. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/ Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/ Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note

Cyber, cyber...
Cyber, Cyber… – 219 – Raport (3.06.2022 r.) – Krytyczna luka w Atlassian Confluence

Cyber, cyber...

Play Episode Listen Later Jun 3, 2022 7:35


Kontynuujemy specjalną edycję naszego podcastu w nowej formule codziennych raportów. Od poniedziałku do piątku relacjonujemy dla Was najważniejsze wydarzenia z zakresu działań podejmowanych w cyberprzestrzeni. Dzisiejszy odcinek poprowadziła Ewa Matusiak. Dzisiejsze tematy: Krytyczna luka w Atlassian Confluence aktywnie wykorzystywana w atakach Oprogramowanie chipsetu Intel celem ataków Conti Foxconn potwierdza, że atak ransomware zakłócił produkcję w More

Bourbon and Breaches by HackNotice
Bourbon & Data Breaches Ep. 31 Week of 09.06.21

Bourbon and Breaches by HackNotice

Play Episode Listen Later Sep 20, 2021 27:50


In this episode of bourbon and data breaches, the HackNotice team discusses the five latest cybersecurity breaches of this week: 1. Alt-Right Texas group's website leaked the resumes of applicants. 2. Ransomware gang REvil's servers come back online after a two-month hiatus 3. Howard University was affected by ransomware leading the school to cancel classes for a day. 4. Central Bank of Ireland mistakenly exposes personal information of 50 credit union executives 5. US Cybercom warns of mass exploitation of Atlassian Confluence vulnerabilit

Microsoft Cloud Show
Episode 426 | Start Me Up, Attacks and Hacks and Win 11 Updates

Microsoft Cloud Show

Play Episode Listen Later Sep 14, 2021 52:24


AC and CJ get into the news … and there are some doozies! We discuss a slew of cyber security news, Microsoft's new start experience, Windows 11, Teams and take a look at some inside conversations at Apple regarding Office on iOS.News What it was like inside Microsoft during the worst cyberattack in history Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role Microsoft: Attackers Exploiting Windows Zero-Day Flaw Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 A deep-dive into the SolarWinds Serv-U SSH vulnerability US Cybercom says mass exploitation of Atlassian Confluence vulnerability ‘ongoing and expected to accelerate’ Google debuts Meet features, including ‘Companion mode' Microsoft rebrands its news feed as ‘Microsoft Start’ Microsoft acquires Clipchamp to empower creators Misbehaving Microsoft Teams ad brings down the entire Windows 11 desktop EdgeDeflector enforces your default browser setting in Windows Why can an ad break the Windows 11 desktop and taskbar? Windows Subsystem for Android Arrives in the Microsoft Store Microsoft won't stop you installing Windows 11 on older PCs Project Maven: Amazon And Microsoft Scored $50 Million In Pentagon Surveillance Contracts After Google Quit 5 reasons to attend the Azure data governance digital event Announcing a new Microsoft Teams authentication provider and file upload feature in the Microsoft Graph Toolkit Twitter: “Apple exec - Microsoft wants to use an external payment system on iOS” Picks AC’s Pick O.MG CABLE - * TO USB-A CJ’s Pick The disastrous voyage of Satoshi, the world's first cryptocurrency cruise ship

La French Connection
Episode 0x188 (Hebdo) - 12 septembre 2021 - Coeur de Hacker!

La French Connection

Play Episode Listen Later Sep 12, 2021 59:42


12 septembre 2021 - Coeur de Hacker! Shamelessplug Hackfest 2021 - Training 14 au 18 novembre, Conférence et villages le 19-20 novembre Colloque Cybersécurité Québec 2020 15 au 19 novembre, Hack in Paris Hackfest Shop Join Hackfest/La French Connection Discord Les « Parodies du vendredi » : Cœur de Hackeur Shownotes and Links 20210908 - Revealed: LAPD officers told to collect social media data on every civilian they stop 20210905 - La STO est la cible d'une cyberattaque 20210909 - Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet 20210908 - Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S. 20210908 - New Zealand DDoS wave targets banks, post offices, weather forecasters and more 20210906 - ​​New Zealand suffers a widespread Internet outage 20210827 - Fin de l'étude détaillée du projet de loi n° 64 : État des lieux 20210907 - REvil ransomware group returns following Kaseya attack 20210903 - Why Ransomware Hackers Love a Holiday Weekend 20210831 - FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends 20210903 - US Cybercom says mass exploitation of Atlassian Confluence vulnerability ‘ongoing and expected to accelerate' 20210908 - Le grand fouillis des données médicales 20210911 - Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase 20210910 - Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America 20210908 - Ontario Digital Service 20210902 - WhatsApp hit with giant €225 million (~$267M) million GDPR fine 20210909 - UN Computer Networks Breached by Hackers Earlier This Year 20210910 - New York State fixes vulnerability in COVID-19 passport app that allowed storage of fake vaccine credentials IrResponsible disclosure 20210910 - New York State fixes vulnerability in COVID-19 passport app that allowed storage of fake vaccine credentials 5/5 Steve - Crew Steve Waterhouse Patrick Mathieu Richer Dinelle Crédits Montage audio par Hackfest Communication Musique 985fm montréal Locaux virtuels par 8x8

Mobile People Talks

Какие эмоции у вас вызывает слово “легаси”? Вряд ли они добрые и светлые (мало ли, конечно, всякое бывает, но мы все-таки про общий случай говорим). Причем если проект с легаси достался вам в наследство, это одно дело, а ведь бывает и так, что вроде бы совсем недавно писали чистый код, все было хорошо, но не успели оглянуться, и как-то неожиданно он взял и превратился в легаси, как же так вышло, и можно ли было этого избежать? И вообще, вы, задавались вопросом, чем отличается легаси от технического долга, и что из этого хуже для проекта? А iOS приложения на Objective-C это уже легаси? Или еще нет? А Android приложения на Java? А Flutter c использованием Dart без null safety? Именно о легаси наш эпизод, по этому поводу в гости к подкасту заглядывает Principal Developer из Atlassian (да-да, тот самый Atlassian - Confluence, Jira, Trello и много чего еще) Никита Леонов. С ним ведущие и обсуждают это самое никем не любимое легаси, и то, как с ним бороться (и надо ли), может в каких-то ситуациях легаси не только вредно, но и полезно? Заодно ведущие затрагивают вопросы того, как развиваются большие, долгоживущие проекты и насколько остро ощущается эта проблема там. Ну и, конечно, не остаются без внимания и платформы, как их создавать, как они могут помочь в разработке приложений, и как ими пользоваться, особенно если ты не владеешь всей архитектурой продукта целиком. Итак, если у вас на проекте есть проблемы с легаси, и вы не знаете что с этим делать, ну или на проекте все хорошо, но эти вопросы вам близки, и вы хотели бы в них разобраться, то этот выпуск для вас! Гость подкаста: Никита Леонов, Principal Developer в Atlassian, Twitter: https://twitter.com/leonovco Пишите нам: mobilepeopletalks@gmail.com

dart trello atlassian flutter jira principal developer atlassian confluence
Scott Talks Tech
34 - Tool Review - Confluence

Scott Talks Tech

Play Episode Listen Later Aug 31, 2020 12:31


In this episode, I review the Atlassian Confluence product. I talk about what it is and how you can use it. I discuss what types of content you can create with it. I also talk about some of the plugins (apps) that you can use to extend and enhance your Confluence content.#tech #Technology #review #atlassian #document #management #livingdocumentThanks for listening,Scott Everhart

Tech Writer koduje
#7 Programista dokumentuje, czyli nowoczesny technical writing

Tech Writer koduje

Play Episode Listen Later Aug 29, 2019 61:38


W nowoczesnej firmie software’owej nie ma ani jednego Technical Writera. W takim razie czym się zajmuje nasz gość, Rafał Pawlicki, który pracuje jako Documentation Manager? Dynamiczne zmiany w świecie technologii powodują, że coraz częściej w firmach wytwarzających oprogramowanie granice między tradycyjnie zdefiniowanymi rolami zaczynają się zacierać. Nierzadko Tech Writer koduje, a programista dokumentuje. Rozmawiamy o przyszłości Technical Writerów, o tym jak stać się elastycznym specjalistą od treśći i nie zamykać się w silosie oraz mierzymy się ze stereotypami związanymi z podejściem programistów do dokumentacji i z ich postrzeganiem roli Tech Writera. Posłuchajcie! Informacje dodatkowe: Atlassian Confluence: https://www.atlassian.com/pl/software/confluence Sphinx: http://www.sphinx-doc.org/en/master/ Markdown: https://daringfireball.net/projects/markdown/syntax reStructuredText: https://www.sphinx-doc.org/en/master/usage/restructuredtext/index.html PyCharm: https://www.jetbrains.com/pycharm/ IntelliJ IDEA: https://www.jetbrains.com/idea/ Rafał Pawlicki (profil LinkedIn): https://pl.linkedin.com/in/rafa%C5%82-pawlicki-973281165

THIS IS NOT A TEST - books, music, movies, art, culture and truth

In which and wherein I proceed to speak on subjects as confounding and diverse as particles, time, unemployment, maximizing one's potential, training chickens, meaning and purpose, milk trucks, the pervasive mystery of Atlassian Confluence, rhythm, mojo, management philosophies, buying and selling, Joe Strummer, Lake Woebegone and the End of the Road in Homer Alaska, Craigslist, fear and loathing in the grocery store, yard sales, Ronald Reagan, Mikhail Gorbachev, the dark apocalypse, seven-and-a-half billion handbags, and Hootie and the Blowfish.

Pocketnow Weekly Podcast
Pocketnow Weekly 206: Wrapping up the OnePlus 3, and we can't shake these iPhone 7 rumors

Pocketnow Weekly Podcast

Play Episode Listen Later Jun 24, 2016 122:15


T-Mobile had a heck of week with streaming and special offer issues. Is Google somehow upsetting manufacturing partners? Why are companies threatening to leave Android? We're wrapping up our OnePlus 3 coverage, and you can get a sneak peek of our full review. Lastly, we just can't seem to shake all of these conflicting iPhone 7 rumors. These stories and we'll be tackling your questions and comments. Make sure you're charged and ready for episode 206 of the Pocketnow Weekly! Watch the video broadcast from 2:00pm Eastern on June 23rd (click here for your local time), or check out the high-quality audio version right here. And don't forget to shoot your listener mail to podcast [AT] pocketnow [DOT] com for a shot at getting your question read aloud on the air! Pocketnow Weekly 206 Recording Date June 23, 2016 Host Juan Bagnell Producer Jules Wang Sponsor Today's episode of the Pocketnow Weekly podcast is made possible by: Atlassian produces collaboration software for teams. From startup to enterprise, Atlassian offers solutions for tracking complex tasks with JIRA management software. Atlassian Confluence provides a platform for creating content and sharing assets between team members. While creating, collaborators can discuss in real time through instant message or video conferencing on HipChat. Lastly, BitBucket provides a powerful platform to test, manage, and review code in real time. See how your team might benefit from the platform and collaboration tools Atlassian has to offer. See how Jira, Confluence, HipChat, and Bitbucket give your team everything you need to organize, discuss, and complete shared work. You can find more information at www.atlassian.com. The Rundown 6:57 T-Mobile's strugglin' with streaming and special offers 22:39 Is Google too good for manufacturers or is it vice versa? 40:36 From the owner of OPPO and vivo comes imoo — an educational smartphone brand 46:13 We just can't put this stupid iPhone 7 headphone jack thing to bed... 55:53 In-depth: five of the biggest acquisitions in mobile tech 1:09:29 Wrapping up our OnePlus 3 coverage with some review spoilers... 1:40:16 The rifle emoji and how it was not meant to be in Unicode 9.0 Listener Mail (01:44:22) Listener questions this week from Daniel, Haniko, and Cory. See omnystudio.com/listener for privacy information.

Pocketnow Weekly Podcast
Pocketnow Weekly 205: iOS 10 and Apple Watch BETA wrap up, and Net Neutrality Defended

Pocketnow Weekly Podcast

Play Episode Listen Later Jun 18, 2016 99:48


We've been using the iOS 10 and Apple Watch OS 3 developer preview BETAs for almost a week. How is Apple stacking up to it Android competition? Bluetooth 5 is coming with more bandwidth and a focus on "Internet of Things". And, Net neutrality is defended again, this time in the courts. Will companies start accepting it now as the law of the land? These stories and we'll be tackling your questions and comments. Make sure you're charged and ready for episode 205 of the Pocketnow Weekly! Watch the video broadcast from 2:00pm Eastern on June 17th (click here for your local time), or check out the high-quality audio version right here. And don't forget to shoot your listener mail to podcast [AT] pocketnow [DOT] com for a shot at getting your question read aloud on the air! Pocketnow Weekly 205 Recording Date June 17, 2016 Host Juan Bagnell Producer Jules Wang Guest Enobong Etteh (Booredatwork) Sponsor Today's episode of the Pocketnow Weekly podcast is made possible by: Atlassian produces collaboration software for teams. From startup to enterprise, Atlassian offers solutions for tracking complex tasks with JIRA management software. Atlassian Confluence provides a platform for creating content and sharing assets between team members. While creating, collaborators can discuss in real time through instant message or video conferencing on HipChat. Lastly, BitBucket provides a powerful platform to test, manage, and review code in real time. See how your team might benefit from the platform and collaboration tools Atlassian has to offer. See how Jira, Confluence, HipChat, and Bitbucket give your team everything you need to organize, discuss, and complete shared work. You can find more information at www.atlassian.com. The Rundown 6:21 Apple fights patent suit and sales ban in China 17:26 OnePlus 3 performance not "flagship killing" — at least out of the box 26:23 Bluetooth 5 is coming to improve your IoT experience 40:01 More and more LG X series of phones announced 54:44 Is iOS 10 becoming more and more like Android? 1:07:22 Apple Watch OS 3 impressions 1:14:19 Net neutrality defended again in the courts Listener Mail (01:21:13) Listener questions this week from Y4M1, Guido, and Cory. See omnystudio.com/listener for privacy information.

Pocketnow Weekly Podcast
Pocketnow Weekly 204: Moto Z and Z Force, Lenovo Phab 2 Pro, and Google's Tango

Pocketnow Weekly Podcast

Play Episode Listen Later Jun 11, 2016 79:37


Lenovo TechWorld rocked our socks! Let's chat about our first experiences with the Moto Z and Z Force. What is Project Tango, and what is it doing in the Phab 2 Pro? And what might Apple have in store for us at WWDC this year? Make sure you're charged and ready for episode 204 of the Pocketnow Weekly! Watch the video broadcast from 2:00pm Eastern on June 10th (click here for your local time), or check out the high-quality audio version here. And don't forget to shoot your listener mail to podcast [AT] pocketnow [DOT] com for a shot at getting your question read aloud on the air! Pocketnow Weekly 204 Recording Date June 10, 2016 Hosts Juan Bagnell Adam Doud Jules Wang Sponsor Today's episode of the Pocketnow Weekly podcast is made possible by: Atlassian produces collaboration software for teams. From startup to enterprise, Atlassian offers solutions for tracking complex tasks with JIRA management software. Atlassian Confluence provides a platform for creating content and sharing assets between team members. While creating, collaborators can discuss in real time through instant message or video conferencing on HipChat. Lastly, BitBucket provides a powerful platform to test, manage, and review code in real time. See how your team might benefit from the platform and collaboration tools Atlassian has to offer. See how Jira, Confluence, HipChat, and Bitbucket give your team everything you need to organize, discuss, and complete shared work. You can find more information at www.atlassian.com. The Rundown 6:20 Moto Z and Moto Z Force first impressions! 38:11 Lenovo Phab 2 Pro coming to the USA — what's Google Tango? 56:40 What might Apple have in store for WWDC this year? Listener Mail (01:13:02) A listener question this week from Unicorn Workhorse. See omnystudio.com/listener for privacy information.

GitMinutes
GitMinutes #27: Stefan Saasen from Atlassian

GitMinutes

Play Episode Listen Later Feb 17, 2014


In this episode I’m talking to Stefan Saasen from Atlassian. We focus mainly on Stash, which is their on-premise Git repository manager, but we’ll also touch on their other products to see how they all work together. If you cannot see the audio controls, your browser does not support the audio element. Use the link below to download the mp3 manually. Link to mp3Stefan is the development lead for Atlassian Stash. He has worked on Atlassian Confluence, later with the OnDemand authentication system and finally on Stash, their Git hosting solution. He’s responsible for migrating the Confluence team from Subversion to Git, as well as a large number of Atlassian OnDemand customers.Homepage Twitter Bitbucket GitHub Links:Stefan's blog post Reimplementing “git clone” in Haskell from the bottom upDiscussion about making Git more thread-safe on the mailing listVote for STASH-2469: Include Mercurial (Hg) support in Stash (245 votes at the time of writing, making it currently the top most voted issue).GitMinutes #22: Alexander Kitaev about SubGitGitMinutes #20: Mick Wever on Migrating to Git (mentions SubGit)The essence of branch-based workflowsAll Stefan's posts on the Atlassian blogAtlassian's Git resourcesAll Atlassian blog posts tagged with GitFavorite Git pro tips:Extend Git with git extras and git activity.Listen to the episode on YouTube