
The Cyber Security News


Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

June 3, 2022

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild.

The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134.

“Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server,” it said in an advisory.


“There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix.” Specifics of the security flaw have been withheld until a software patch is available.


Confluence Server version 7.18. is known to have been exploited in the wild, while Confluence Server and Data Center versions 7.4. and later are potentially vulnerable.

In the absence of a fix, Atlassian is urging customers to restrict Confluence Server and Data Center instances from the internet or consider disabling Confluence Server and Data Center instances altogether.

Volexity, in an independent disclosure, said it detected the activity over the Memorial Day weekend in the U.S. as part of an incident response investigation.

The attack chain involved leveraging the Atlassian zero-day exploit — a command injection vulnerability — to achieve unauthenticated remote code execution on the server, enabling the threat actor to use the foothold to drop the Behinder web shell.

“Behinder provides very powerful capabilities to attackers, including memory-only webshells and built-in support for interaction with Meterpreter and Cobalt Strike,” the researchers said. “At the same time, it does not allow persistence, which means a reboot or service restart will wipe it out.”


Subsequently, the web shell is said to have been used as a conduit to deploy two additional web shells to disk, including China Chopper and a custom file upload shell to exfiltrate arbitrary files to a remote server.

The development comes less than a year after another critical remote code execution flaw in Atlassian Confluence (CVE-2021-26084, CVSS score: 9.8) was actively weaponized in the wild to install cryptocurrency miners on compromised servers.

“By exploiting this kind of vulnerability, attackers can gain direct access to highly sensitive systems and networks,” Volexity said. “Further, these systems can often be difficult to investigate, as they lack the appropriate monitoring or logging capabilities.”



Some parts of this article are sourced from:
thehackernews.com
