New year is going to be interesting for security aspects

Hi! 

As we know the latest security patches is good option.

Unfortunately, now the exploits are creating much faster as expected. 

If you're forget to upgrade your infra please do it. Otherwise it is too risky to have not latest releases. 

Windows:

• https://threatpost.com/exploited-windows-kernel-bug-takeover/163800/

Linux: 

• CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
• Video of proof https://vimeo.com/504872555
• https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-3156

If you want find the exploit to review your infra you can find in github the exploit.

Not so long time ago, one of my customer lost an infrastructure of CI/CD and Jira instances. 

Because the attack was used 1 vuln app for Jira 8.5, and then made a privileges escalation trick from jira user to root, and uploaded the shell code. 

And after instance by instance was used for spamming, crypto mining and after ciphering backups (good idea btw). 

Please, be aware if you instance exposed through internet.

Conclusion:

Don't be shy and do upgrades, and improve upgrade procedure.

P.S. I think time to upgrade to latest your Atlassian products includes apps as well :) Except cloud :)

Cheers,

Gonchik Tsymzhitov