7x Second Security [1-August-2022]
Using the Atlassian Confluence App?
Do this: Be on the lookout for patches and updated information.
Why: The issue arises when the Confluence app is enabled on the two services (Confluence Server and Data Center), causing it to create a Confluence user account with the username "disabledsystemuser." A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
Additional Info: https://thehackernews.com/2022/07/cisa-warns-of-atlassian-confluence-hard.html/
Using Microsoft Products?
Do this: For now, it is recommended to take extra precaution when interacting with unexpected emails. Be on the lookout for further updates from Microsoft.
Why: "Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior."
Additional Info: https://threatpost.com/popular-bait-in-phishing-attacks/180281//
Using Dahua's IP Camera?
Do this: Patch immediately.
Why: Information has recently been released acknowledging a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) which, when exploited, can lead to seizing full control of IP cameras.
Additional Info: https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html/