Critical Infrastructure Security, Breach

GAO breach attributed to Atlassian vulnerability

CyberScoop reports that federal IT contractor CGI Federal revealed that the breach of its systems that resulted in the compromise of data from nearly 6,600 current and former employees at the Government and Accountability Office stemmed from the exploitation of a vulnerability affecting some Atlassian Confluence Data Center and Server versions. Organizations had been warned by the Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, and the FBI in October regarding the active exploitation of the Atlassian Confluence flaw. Such an alert has prompted CGI Federal to expedite remediation efforts for the security issue, according to CGI Federal spokesperson Mercedes Marx. "As part of its daily operating practices, CGI continuously and immediately addresses all known and emerging vulnerabilities through regular testing and validation of platforms and systems deployed on behalf of all clients," said Marx, who did not provide details as to why notifications regarding the three-month gap between the federal advisory and its notification to the GAO.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.