Overview
Atlassian has reported a remote code execution vulnerability (CVE-2024-21683) that affects the Confluence Service and Confluence Data Centre. A proof of concept code has been released, which means that exploitation is considered likely. This high-severity vulnerability could allow a remote attacker to execute arbitrary code.
Cisco has reported six vulnerabilities that affects Cisco Adaptive Security Appliance Software (ASA), Firepower Management Center (FMC) Software, and the Firepower Threat Defense (FTD) Software. Cisco has released software updates and these should address the vulnerabilities (i.e. CVE-2024-20353, CVE-2024-20358, and CVE-2024-20359. seen in the ArcaneDoor attack campaign.
Google has released a security update that addresses a high-severity, type-confusion (in V8) vulnerability (CVE-2024-4947) that affects Google Chrome. An exploit of this vulnerability exists in the wild.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Atlassian – Security
Cisco – Security Advisories and Arcane Door event response
Google – Chrome Releases
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.