A critical vulnerability in Atlassian’s Confluence Server software is now under active attack.
Disclosed last week by Atlassian, CVE-2021-26084 is a remote code execution bug that is considered a critical security risk by the vendor. The flaw, which was rated a 9.8 on the CVSS scale, is due to an injection bug in the open source Object-Graph Navigation Language (OGNL) discovered and reported by security researcher Benny Jacob through Atlassian’s bug bounty program.
Troy Mursch, chief research officer with threat intelligence vendor Bad Packets, confirmed to SearchSecurity that CVE-2021-26084 was now being targeted in the wild.
“I can confirm Bad Packets honeypots have detected mass scanning and exploit activity targeting the Atlassian Confluence RCE vulnerability CVE-2021-26084 from hosts in Russia, Hong Kong, Brazil, Poland and Romania,” Mursch said. “Multiple proof-of-concepts have been published publicly demonstrating how to exploit this vulnerability.”
Administrators are being urged to update any on-premises versions of Atlassian’s Confluence Server collaboration software as hackers have now descended on the critical security flaw. Cloud-hosted versions of Confluence Server are not vulnerable to attack, Atlassian said.
According to Atlassian, the bug normally requires the attacker to be logged into the network to exploit, but under some circumstances, servers can be remotely exploited without any authentication.
In a demonstration of the flaw, researcher Harsh Jaiswal showed how the bug could be exploited to gain remote code execution.
“From our understanding & debugging we came to this conclusion: Attributes of #tag components within Velocity template are evaluated as OGNL Expressions to convert the template into HTML,” Jaiswal wrote.
For administrators, this means that getting the flaw patched as soon as possible is imperative. In some cases, Mursch said, it may already be too late. While Bad Packets doesn’t have an estimate on the number of vulnerable servers in the wild, the sheer volume of activity against the flaw should make the update a priority.
“Organizations using the on-premises version of Confluence need to immediately apply the update provided by Atlassian and check their servers for any indicators of compromise,” said Mursch.
“Given the level of scanning and exploit activity we’ve detected so far today, any unpatched servers are at immediate risk of compromise.”