Contrast Blocked Confluence CVE Attacks—Even Before the Patch

On August 25, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting some versions of Confluence’s team collaboration server software. As of September 3, mass exploitation of the CVE was being detected in the wild—prompting the Cybersecurity & Infrastructure Security Agency (CISA) to issue a warning ...

How It Took Two Years to Resolve Remote Code Execution Vulnerability CVE-2020-17091

Microsoft Teams vulnerability exposed serious risk to the software supply chain ...

CONTRAST LABS REVEALS DEPENDENCY CONFUSION VULNERABILITY IN MICROSOFT TEAMS

When the COVID-19 pandemic forced a large percentage of the world’s office workers to begin working remotely a year ago, organizations were forced to scramble to greatly accelerate their digital transformation. Deployments that may have been planned for years in the future suddenly had to be pulled off in a ...

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized as among the worst hacks of the past 10 years, targeting SolarWinds’ software factory and compromising the code in software updates delivered to its customers. Russian nation-state attackers first gained access to ...