All articles tagged with #atlassian
Atlassian is acquiring The Browser Company for $610 million to focus on Dia, an AI-powered browser and chatbot, aiming to enhance enterprise and individual productivity tools, with plans to maintain Dia as a standalone product and gradually integrate features from Arc, while emphasizing rapid market growth and stability.
Australian software company Atlassian laid off 150 employees through a pre-recorded video message from CEO Mike Cannon-Brookes, sparking criticism for its impersonal approach and raising concerns about the use of AI and employment practices in the tech industry.
Microsoft has confirmed a memory leak in its March Windows Server security update, causing domain controllers to crash, and has since delivered a patch to fix the issue. Atlassian leads the list of critical vulnerabilities with a SQL injection bug in Bamboo Data Center and Server. Security researchers have discovered a new, more dangerous variant of the wiper malware AcidRain, called AcidPour, linked to Russian threat actors. Additionally, Proofpoint's Data Loss Landscape report found that 85% of companies experienced data loss in the past year, with 71% attributing it to careless users, particularly privileged ones like HR and finance professionals.
Wall Street analysts believe that Amazon and Atlassian are better AI stocks to buy than Nvidia, with median price targets implying 15% and 22% upside, respectively. Amazon's strong performance in e-commerce, digital advertising, and cloud computing, along with its sensible growth strategy, make it an attractive investment. Atlassian's work management and IT service management software, coupled with its suite of AI features, position it well to capitalize on the growing demand for AI applications. Both companies are expected to see double-digit sales growth, making them compelling long-term investments.
A critical security flaw affecting Atlassian Confluence Data Center and Server has been actively exploited by malicious actors, with nearly 40,000 exploitation attempts recorded within three days of its public disclosure. Tracked as CVE-2023-22527, the vulnerability allows unauthenticated attackers to achieve remote code execution on susceptible installations. The exploitation attempts, originating from over 600 unique IP addresses, are currently limited to testing callback attempts and 'whoami' execution, indicating opportunistic scanning for vulnerable servers. Over 11,000 Atlassian instances have been found accessible over the internet, raising concerns about the extent of vulnerability.
More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, which can allow unauthenticated remote code execution (RCE) attacks. Despite Atlassian urging customers to update immediately, over 11,000 instances remain exposed on the internet, with more than 39,000 RCE attempts seen since January 19. Organizations with vulnerable instances are advised to assume a breach, patch, and take precautions, as this follows a string of critical flaws that have plagued the company in recent months.
Hackers are actively exploiting a critical remote code execution vulnerability, CVE-2023-22527, in outdated versions of Atlassian Confluence servers, with over 39,000 exploitation attempts recorded. The flaw allows unauthenticated remote attackers to execute code and affects versions 8.0.x to 8.5.3. Atlassian has released fixes for affected versions and advises administrators to update to secure versions released after December 5, 2023, while also recommending thorough system cleanup for potentially compromised instances.
Citrix, VMware, and Atlassian have all been hit with critical security vulnerabilities, with Citrix warning of two zero-day flaws being actively exploited in the wild in its NetScaler ADC and NetScaler Gateway products, VMware alerting customers of a critical security vulnerability in Aria Automation, and Atlassian releasing patches for over two dozen vulnerabilities, including a critical remote code execution flaw impacting Confluence Data Center and Confluence Server. Users are advised to patch their systems immediately to mitigate the risks.
Atlassian has raised the severity rating of a recent vulnerability in its Confluence Data Center and Server, increasing the CVSS score to the maximum of 10. The vulnerability allows an attacker to reset Confluence and create an administrator account, granting them extensive control over compromised instances. Active exploitation of the vulnerability has been reported, with attacks leading to the attempted deployment of the Cerber ransomware strain. Atlassian advises all Confluence users to upgrade immediately or apply temporary mitigations. The increased severity rating now matches that of another major Confluence vulnerability disclosed earlier in October.
Multiple ransomware groups are actively exploiting recently disclosed vulnerabilities in Atlassian Confluence and Apache ActiveMQ. The flaws allow threat actors to create unauthorized accounts and lead to a loss of confidentiality, integrity, and availability. Atlassian has updated its advisory, noting active exploits and increasing the severity of the flaw. The attacks involve mass exploitation of vulnerable Atlassian Confluence servers, originating from IP addresses in France, Hong Kong, and Russia. Additionally, a severe remote code execution flaw in Apache ActiveMQ is being weaponized to deliver a remote access trojan and a ransomware variant. Cybersecurity firms emphasize the need for rapid remediation of these vulnerabilities.
A critical vulnerability in Atlassian's Confluence enterprise server app, known as CVE-2023-22518, is being actively exploited by threat actors, with attacks targeting Ukraine. The vulnerability allows for the execution of malicious commands and the restoration of databases. Security firms have observed the exploitation leading to ransomware deployment. Atlassian has urged customers to take immediate action to protect their instances, including patching or temporarily removing the server from the internet. Failure to address the vulnerability poses a significant risk of data loss.
Atlassian, the software maker, reported better-than-expected earnings and revenue for the quarter ending September 30, with revenue increasing 21% year over year. However, the company's shares plummeted 9% in extended trading despite meeting Wall Street's forecast. Atlassian's net loss widened, but its adjusted operating margin improved. The company also announced plans to end support for its Server products in 2024 and encouraged clients to migrate to the Cloud or Data Center tiers. Atlassian's guidance for the fiscal second quarter aligns with expectations, and it raised its adjusted operating margin guidance for the full fiscal year.
Atlassian has issued a warning to administrators to immediately patch Internet-exposed instances of its Confluence software due to a critical security flaw that could result in data loss. The vulnerability, tracked as CVE-2023-22518, affects all versions of Confluence Data Center and Confluence Server software and poses a significant risk to publicly accessible instances. While the bug does not impact data confidentiality, it can be exploited by unauthorized attackers to destroy data on affected servers. Atlassian has released fixed versions of the software and advises administrators to upgrade or apply mitigation measures, including backing up unpatched instances and blocking Internet access.
Atlassian has announced its acquisition of video messaging platform Loom for approximately $975 million, aiming to enhance its team collaboration tools and meet the growing demand for hybrid work. By integrating Loom's technology into Atlassian software, users will be able to incorporate video into their workflows. The deal, expected to close in March 2024, will be funded with existing cash balances and is projected to dilute operating margins in fiscal years 2024 and 2025.
Microsoft has reported that state-backed hackers, identified as Storm-0062 and believed to be China-based, are exploiting a critical zero-day vulnerability in Atlassian software. The vulnerability, tracked as CVE-2023-22515, allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers. Atlassian has released a patch for the flaw and is working closely with Microsoft on the investigation. The scale of customer exploitation and any data theft remains unclear at this time. Users are urged to upgrade their software to protect against the exploit.