A critical vulnerability in Atlassian’s Confluence Server software is now under active attack.
Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that the vendor considers a critical security risk. The flaw, rated 9.8 on the CVSS scale, is an injection bug involving the open source Object-Graph Navigation Language (OGNL); it was discovered and reported by security researcher Benny Jacob through Atlassian’s bug bounty program.
Troy Mursch, chief research officer with threat intelligence vendor Bad Packets, confirmed to SearchSecurity that CVE-2021-26084 was now being targeted in the wild.
“I can confirm Bad Packets honeypots have detected mass scanning and exploit activity targeting the Atlassian Confluence RCE vulnerability CVE-2021-26084 from hosts in Russia, Hong Kong, Brazil, Poland and Romania,” Mursch said. “Multiple proof-of-concepts have been published publicly demonstrating how to exploit this vulnerability.”
Administrators are being urged to update any on-premises versions of Atlassian’s Confluence Server collaboration software as hackers have now descended on the critical security flaw. Cloud-hosted versions of Confluence Server are not vulnerable to attack, Atlassian said.
According to Atlassian, the bug normally requires the attacker to be logged into the network to exploit it, but under some circumstances servers can be exploited remotely without any authentication.
In a demonstration of the flaw, researcher Harsh Jaiswal showed how the bug could be exploited to gain remote code execution.
“From our understanding & debugging we came to this conclusion: Attributes of #tag components within Velocity template are evaluated as OGNL Expressions to convert the template into HTML,” Jaiswal wrote.
For administrators, this means that getting the flaw patched as soon as possible is imperative. In some cases, Mursch said, it may already be too late. While Bad Packets doesn’t have an estimate on the number of vulnerable servers in the wild, the sheer volume of activity against the flaw should make the update a priority.
“Organizations using the on-premises version of Confluence need to immediately apply the update provided by Atlassian and check their servers for any indicators of compromise,” said Mursch.
“Given the level of scanning of exploit activity we’ve detected so far today, any unpatched servers are at immediate risk of compromise.”