Episode #15

Posted on Sep 16, 2021

atlassian confluence mass exploit chaosdb wiz azure aws quantum android sandbox owasp

Mass Exploit, ChaosDB, Quantum Randomness, Android Privacy Compute, OWASP Top10

Note: From this episode onwards, the article format would be changed to direct quoting the title and related links.

1. Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend. (twitter.com/cnmf_cyberalert)

Related:

US Cybercom says mass exploitation of Atlassian Confluence vulnerability ‘ongoing and expected to accelerate’ (zdnet.com)

Confluence Security Advisory - 2021-08-25 (atlassian.com)

Jenkins project Confluence instance attacked (jenkins.io)

2. ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them (wiz.io)

Related:

Critical Vulnerability in Microsoft Azure Cosmos DB (wiz.io)

Jupyter’s role in #ChaosDB (jupyter.org)

3. AWS researcher merges the power of two quantum computers to help make cryptography keys stronger (zdnet.com)

Related:

Example notebooks that show how to apply quantum computing in Amazon Braket. (github.com)

Generating quantum randomness with Amazon Braket (amazon.com)

4. Introducing Android’s Private Compute Services (googleblog.com)

Related:

Android introduces new privacy-friendly sandbox for machine learning data (theverge.com)

Google I/O: What’s new in Android privacy (youtube.com)

5. OWASP Top 10:2021 (DRAFT FOR PEER REVIEW)

Related:

OWASP shakes up web app threat categories with release of draft Top 10 (portswigger.net)