Hacker offer zero-day RCE exploit of Atlassian Jira for Sale

A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence.  According to the offer, It does not require any login credentials and can also work with Okta Single Sign-On (SSO), making it more impactful.

DailyDarkweb reported the details of the Offer:

• Uncategorized

Fortinet + Crowdstrike team on protection from endpoint to firewall

By infosecbulletin / Tuesday , October 22 2024

In today's rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered...

Read More

• Uncategorized

Sophos to Acquire Secureworks in $859M

By infosecbulletin / Tuesday , October 22 2024

Sophos, based in the UK, is to acquire Secureworks, a Nasdaq-listed company, for $859 million in cash from Dell Technologies....

Read More

• Cyber Attack
• Data Breach
• Hot Topic
• International
• Vulnerabilities

2nd time hacker breached Internet Archive

By infosecbulletin / Monday , October 21 2024

The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had...

Read More

• Vulnerabilities

Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs

By infosecbulletin / Sunday , October 20 2024

In today's changing cybersecurity environment, it's essential to find vulnerabilities in code. Vulnhuntr, an open-source tool on GitHub, uses Large...

Read More

• Vulnerabilities

Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM

By infosecbulletin / Friday , October 18 2024

Bitdefender said a vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly...

Read More

• Cyber Attack
• Hot Topic

Microsoft’s Alarming Report: 600 Million Cyberattacks perday

By infosecbulletin / Thursday , October 17 2024

Cybersecurity threats have surged to extraordinary heights, as Microsoft’s latest Digital Defense Report reveals that its customers are confronted with...

Read More

• Vulnerabilities

CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX

By infosecbulletin / Thursday , October 17 2024

VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its...

Read More

• Vulnerabilities

Over 90 Zero-Days, 40+ N-Days Exploited In The Wild

By infosecbulletin / Thursday , October 17 2024

Mandiant researchers found that over 90 zero-day vulnerabilities and more than 40 known vulnerabilities were exploited in the wild. Vulnerabilities...

Read More

• Vulnerabilities

Oracle Security Update, 334 Vulnerabilities Patched

By infosecbulletin / Wednesday , October 16 2024

Oracle's October 2024 Critical Patch Update has fixed 334 security vulnerabilities in its products. The CPU affects 28 Oracle product...

Read More

• Vulnerabilities

Chrome 130 Launches with Patches for 17 Security Vulnerabilities

By infosecbulletin / Wednesday , October 16 2024

Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for...

Read More

Exploit Type: Zero-day Remote Code Execution (RCE)
Target: Atlassian Jira (latest desktop version and integrated with Confluence)
Login Requirement: None
SSO Compatibility: Okta SSO
Price: 800,000 XMR (Monero)

If the claim to be true, this exploit is a major security threat due to the widespread use of Jira and Confluence in corporate environments for project management and collaboration.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)