{"id":42419,"date":"2021-09-07T10:09:15","date_gmt":"2021-09-07T10:09:15","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=f45b9a1b226f0aeff8bc1d9f2d6022c8"},"modified":"2021-09-07T10:09:15","modified_gmt":"2021-09-07T10:09:15","slug":"us-officials-warn-of-mass-exploitation-of-atlassian-confluence-flaw","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/us-officials-warn-of-mass-exploitation-of-atlassian-confluence-flaw\/","title":{"rendered":"US officials warn of \u201cmass exploitation\u201d of Atlassian Confluence flaw"},"content":{"rendered":"


\n Keumars Afifi-Sabet<\/a><\/span>
\n <\/span><\/p>\n

\n
\n
7 Sep, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n

\n<\/a><\/p>\n

\n

Hackers<\/a>\u00a0are exploiting a vulnerability in the on-premise Atlassian Confluence workplace collaboration platform on a massive scale, with businesses urged to patch their systems without delay.<\/p>\n

US Cyber Command\u00a0issued a public notice<\/a>\u00a0just before the weekend warning that mass exploitation of the remote code execution flaw tracked as CVE-2021-26084 is \u201congoing and expected to accelerate\u201d.\u00a0<\/p>\n

<\/p>\n

\n\u201cPlease patch immediately if you haven\u2019t already,\u201d the notice added. \u201cThis cannot wait until after the weekend.\u201d<\/p>\n

Confluence is a workplace collaboration platform that allows teams to work together remotely on projects or ideas.\u00a0<\/p>\n

The vulnerability, which is embedded in the Atlassian Confluence Server and Confluence Data Center products, can allow an unauthorised attacker to execute arbitrary code on either of the affected platforms.\u00a0<\/p>\n

Confluence Cloud, which is hosted on\u00a0public cloud environments<\/a>, isn\u2019t affected by the flaw. Rather, the on-premises versions of the product are those susceptible to exploitation.<\/p>\n

It\u2019s rated 9.8 on the CVSS threat severity scale out of ten, suggesting it\u2019s highly exploitable. The firm had never publicly revealed the precise exploit mechanisms, though, beyond describing the flaw as a Confluence Server Webwork OGNL injection. This was presumably to avoid fuelling any future attacks before businesses had a chance to apply the fix.\u00a0<\/p>\n

Atlassian disclosed this vulnerability a couple of weeks ago and urged businesses to patch their systems at the time. However,\u00a0cyber criminals\u00a0<\/a>from around the world have since been detected as scanning for vulnerable systems and launching attacks.<\/p>\n

The threat intelligence firm Bad Packets, for example,\u00a0detected mass scanning and exploit activity<\/a>\u00a0from hosts in a number of regions including China and Brazil earlier last week.\u00a0\u00a0<\/p>\n

Atlassian previously addressed a serious vulnerability in its system that could\u00a0allow hackers to compromise user accounts<\/a>, and control several apps that users can access seamlessly through a single sign-on (SSO) feature.<\/p>\n

This latest vulnerability in Confluence is just one of many serious vulnerabilities that have been exploited during 2021, with\u00a0the rate of successfully abused zero-days surging<\/a>\u00a0over the last few months.\u00a0 <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Keumars Afifi-Sabet<\/p>\n

7 Sep, 2021 <\/p>\n

Hackers\u00a0are exploiting a vulnerability in the on-premise Atlassian Confluence workplace collaboration platform on a massive scale, with businesses urged to patch their systems without dela…<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-42419","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=42419"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42419\/revisions"}],"predecessor-version":[{"id":42420,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42419\/revisions\/42420"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=42419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=42419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=42419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}