Subj : CGI Federal points finger at Atlassian bug for US government data
To   : All
From : TechnologyDaily
Date : Wed Feb 14 2024 16:00:06

CGI Federal points finger at Atlassian bug for US government data breach

Date:
Wed, 14 Feb 2024 15:47:46 +0000

Description:
While the extent of the breach is unknown, over 6,000 GAO employees were 
affected.

FULL STORY
======================================================================

A bug in the Atlassian collaboration platform is to blame for this week's US 
government data breach, affected IT contractor CGI Federal has said. 

The incident saw the Government Accountability Office (GAO) reveal over 6,000 
current and former employees had been affected as a result of the breach. 

It has not been confirmed if the breach affected any other government 
agencies, so the full extent of the damage is yet to be determined. Blame it 
on the buggy 

As reported earlier this week, CGI Federal disclosed that it had suffered a 
data breach at some point during January 2023. 

The CGI Federal website states its federal clients, include nearly every 
cabinet-level federal agency, military branch, and other federal entities. A 
CGI representative recently stated that the company provides its services to 
100 participating agencies while testifying in front of Congress. 

In a statement released by CGI Federal, the company said that it was "with 
authorities and clients to identify and disclose any data affected by the 
Confluence exploitation." According to the Cybersecurity & Infrastructure 
Security Agency (CISA), the Atlassian Confluence exploit was discovered in 
October under the vulnerability ID CVE-2023-22515. 

In the statement by CISA on the Network Initial Access exploit, the 
organization stated that they strongly encourage network administrators to 
immediately apply the upgrades provided by Atlassian. CISA, FBI, and MS-ISAC 
also encourage organizations to hunt for malicious activity on their networks 
using the detection signatures and indicators of compromise (IOCs) in this 
CSA. More from TechRadar Pro Web apps and APIs were attacked more than ever 
last year Take a look at our guide to the best productivity tools A new 
Microsoft Azure hacking campaign is targeting high-end executives 




======================================================================
Link to news story:
https://www.techradar.com/pro/cgi-federal-points-finger-at-atlassian-bug-for-u
s-government-data-breach


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.