The Cybersecurity and Infrastructure Security Agency, FBI and Multi-State Information Sharing and Analysis Center this week alerted organizations to a critical vulnerability affecting certain versions of the Atlassian Confluence Data Center and Server that enables malicious actors to obtain access to victim systems and continue active exploitation post-patch. The agencies strongly encourage network administrators to immediately apply the recommended upgrades and recommended responses to indicators of compromise. The FBI and CISA also recently released updated recommendations to protect against AvosLocker ransomware. 
 
In other cyber news, federal agencies this week released guidance to help organizations reduce the risk of ransomware incidents and phishing attacks, and updated guidance to help software manufacturers demonstrate their commitment to secure by design principles and customers ask for products that are secure by design.
 
“In the past two weeks government agencies have not only been very pro-active in warning us of the latest cyber threats, but have also issued very useful resources to help us counter those threats,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The AvosLocker threat operates as a ransomware-as-a-service and exploits unsecured remote desktop tools on premises. Unrelated but highly advanced and persistent actors are targeting the Confluence Data Center and Sever through an Atlassian Confluence vulnerability, once again demonstrating that cyberthreat actors are aggressively and equally targeting our on-premises and hosted technology. On the positive side, agencies have concurrently issued very useful and detailed guides to help prevent ransomware and phishing attacks and better secure our technology. The premise of ‘secure by design’ is to shift the primary responsibility for cybersecurity from end users to technology developers at the design phase of the technology.”
 
For more information on cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Perspective
When hospitals are attacked, lives are threatened. This is the reality our entire field faces every day. But the never-ending barrage of ransomware and…
Headline
The FBI, National Security Agency and Cyber National Mission Force last week issued a joint advisory about recent actions of China-linked cyber actors…
Headline
The Health Information Sharing and Analysis Center last week announced that Veeam, a software company that provides data protection, backup and disaster…
Headline
The Cybersecurity and Infrastructure Security Agency Aug. 21 published guidance providing best practices for event logging to mitigate cyberthreats. The…
Headline
The AHA has released five new tip sheets designed to fortify crisis leadership competencies during emergency events such as cyberattacks, natural disasters and…
Headline
The FBI, Cybersecurity and Infrastructure Agency and the Department of Defense Cyber Crime Center Aug. 29 issued a joint advisory to warn of Iranian-based…