A critical vulnerability in Atlassian’s Confluence Server software is now under active attack.
Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that the vendor rates as critical. The flaw, scored 9.8 on the CVSS scale, is an injection bug in Confluence's handling of expressions in the open source Object-Graph Navigation Language (OGNL); it was discovered and reported by security researcher Benny Jacob through Atlassian's bug bounty program.
Troy Mursch, chief research officer with threat intelligence vendor Bad Packets, confirmed to SearchSecurity that CVE-2021-26084 was now being targeted in the wild.
“I can confirm Bad Packets honeypots have detected mass scanning and exploit activity targeting the Atlassian Confluence RCE vulnerability CVE-2021-26084 from hosts in Russia, Hong Kong, Brazil, Poland and Romania,” Mursch said. “Multiple proof-of-concepts have been published publicly demonstrating how to exploit this vulnerability.”
Administrators are being urged to update any on-premises deployments of Atlassian's Confluence Server collaboration software now that attackers are actively targeting the flaw. Atlassian's hosted Confluence Cloud service is not affected, the vendor said.
According to Atlassian, exploiting the bug normally requires an authenticated Confluence user, but in some configurations a server can be exploited remotely without any authentication.
In a demonstration of the flaw, researcher Harsh Jaiswal showed how the bug could be exploited to gain remote code execution.
“From our understanding & debugging we came to this conclusion: Attributes of #tag components within Velocity template are evaluated as OGNL Expressions to convert the template into HTML,” Jaiswal wrote.
For administrators, this means that getting the flaw patched as soon as possible is imperative. In some cases, Mursch said, it may already be too late. While Bad Packets doesn’t have an estimate on the number of vulnerable servers in the wild, the sheer volume of activity against the flaw should make the update a priority.
“Organizations using the on-premises version of Confluence need to immediately apply the update provided by Atlassian and check their servers for any indicators of compromise,” said Mursch.
“Given the level of scanning and exploit activity we’ve detected so far today, any unpatched servers are at immediate risk of compromise.”
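Two checks an administrator can run while the update is being scheduled, as an added example that is not code from SearchSecurity, Atlassian or Bad Packets: a version test that tells whether a given Confluence Server build still falls in an affected range, and a triage pass over web-server access logs that flags requests shaped like the public proof-of-concept traffic for this CVE. The fixed build numbers are those named in Atlassian's advisory; the two page-variable endpoints and the `queryString` parameter are the ones used by the public proof-of-concept code; the OGNL marker regex, the combined-log-format parser and the log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# --- 1. Is this Confluence Server version still exposed? ------------------
# Fixed builds from Atlassian's advisory for CVE-2021-26084: 6.13.23, 7.4.11,
# 7.11.6, 7.12.5 and 7.13.0. Every other branch released before 7.13 (4.x,
# 5.x, 6.0-6.12, 6.14, 6.15, 7.0-7.3, 7.5-7.10) has no fixed build at all.
FIXED_BRANCHES = {(6, 13): 23, (7, 4): 11, (7, 11): 6, (7, 12): 5}


def parse_version(version: str) -> tuple:
    """'7.4.3' -> (7, 4, 3); missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(version: str) -> bool:
    major, minor, patch = parse_version(version)
    if (major, minor) >= (7, 13):
        return False                      # 7.13.0 and later shipped fixed
    fix = FIXED_BRANCHES.get((major, minor))
    if fix is None:
        return True                       # branch without a fixed build
    return patch < fix


# --- 2. Triage access-log lines for exploitation attempts -----------------
# Endpoints targeted by the public proof-of-concept code (assumption taken from
# public PoC analyses, not from the vendor advisory).
INJECTION_ENDPOINTS = (
    "/pages/createpage-entervariables.action",
    "/pages/doenterpagevariables.action",
)
# Generic OGNL-injection markers, matched after URL decoding: the unicode-
# escaped quote used to break out of a string literal, OGNL variable/static
# references, and Runtime/exec. Deliberately broad; tune for your own traffic.
OGNL_MARKERS = re.compile(
    r"\\u0027|\\u0022|#\w+|@[\w.]+@|getRuntime|\.exec\(", re.IGNORECASE
)
# Combined log format: ip ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def triage(lines):
    """Return (ip, method, status, severity, decoded_target) for each hit.

    'payload'  : OGNL markers visible in the decoded request line.
    'endpoint' : injection endpoint hit with no visible markers. Tomcat access
                 logs do not record POST bodies, which is where the PoC sends
                 its payload, and the create-page flow also uses these actions
                 legitimately, so correlate with session/auth data before
                 dismissing these.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        decoded = unquote_plus(target)
        path = decoded.split("?", 1)[0]
        if OGNL_MARKERS.search(decoded):
            hits.append((ip, method, status, "payload", decoded))
        elif path in INJECTION_ENDPOINTS:
            hits.append((ip, method, status, "endpoint", decoded))
    return hits


# Constructed sample lines (documentation IP ranges, benign probe-style query).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2021:08:12:01 +0000] "POST /pages/createpage-entervariables.action'
    '?SpaceKey=x&queryString=%5Cu0027%2B%23%7B7*7%7D HTTP/1.1" 200 2210',
    '198.51.100.23 - - [01/Sep/2021:08:13:40 +0000] "POST /pages/doenterpagevariables.action'
    '?SpaceKey=DOCS HTTP/1.1" 302 0',
    '192.0.2.10 - alice [01/Sep/2021:08:14:02 +0000] "GET /display/DOCS/Home HTTP/1.1" 200 8901',
]

if __name__ == "__main__":
    for v in ("7.4.10", "7.13.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "patched")
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Run it against your own access log with `triage(open(path).read().splitlines())`; anything tagged `payload` from an unexpected source should be treated as an attempted exploitation and the host examined for follow-on indicators, not just patched.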