January 17, 2024: Stay updated on cybersecurity with Atlassian, Citrix, VMware & Chrome

TLDR: Security updates have been issued for Atlassian, Citrix, VMware, and Chrome products. Vulnerabilities were found in Ivanti’s Connect Secure and Pulse Secure VPNs, Atlassian’s Confluence Server and Data Server collaboration application, and VMware’s Aria Automation products. Citrix is urging administrators to patch their installations of NetScaler ADC and NetScaler Gateway to close two vulnerabilities. Trend Micro reported that attackers are actively exploiting a Windows vulnerability to install the Phemedrone information stealer. Google has released an update for the Chrome browser to fix four security issues. The Opera browser’s My Flow feature was found to execute a malicious file outside of the browser’s security confines, highlighting the need for security to be built into every app development workflow. Bosch’s BCC100 Wi-Fi smart thermostat had a vulnerability that could allow an attacker to replace the device’s firmware with a rogue version. An unsecured database owned by an American e-commerce provider containing sensitive information was left open on the internet. The British Library’s catalogue was finally brought back online after suffering a ransomware attack last October.