Categories: Technology

Critical Atlassian 0-day is under active exploit. You’re patched, right?

[ad_1]

About this time last week, threat actors began quietly tapping a previously unknown vulnerability in Atlassian software that gave them almost complete control over a small number of servers. Since Thursday, active exploits of the vulnerability have mushroomed, creating a semi-organized frenzy among competing crime groups.

“It is clear that multiple threat groups and individual actors have the exploit and have been using it in different ways,” said Steven Adair, president of Volexity, the security firm that discovered the zero-day vulnerability while responding to a customer’s breach over the Memorial Day weekend. “Some are quite sloppy and others are a bit more stealth.” His tweet came a day after his firm released the report detailing the vulnerability.

Adair also said that the industry verticals being hit “are quite widespread. This is a free-for-all where the exploitation seems coordinated.”

CVE-2022-26134, as the vulnerability is tracked, allows for unauthenticated remote code execution on servers running all supported versions of Confluence Server and Confluence Data Center. In its advisory, Volexity called the vulnerability “dangerous and trivially exploited.” The vulnerability is likely also present in unsupported and long-term support versions, security firm Rapid7 said.

Volexity researchers wrote:

When initially analyzing the exploit, Volexity noted it looked similar to previous vulnerabilities that have also been exploited in order to gain remote code execution. These types of vulnerabilities are dangerous, as attackers can execute commands and gain full control of a vulnerable system without credentials as long as web requests can be made to the Confluence Server system. It should also be noted that CVE-2022-26134 appears to be another command injection vulnerability. This type of vulnerability is severe and demands significant attention.

Threat actors are exploiting the vulnerability to install the Chopper webshell and likely other types of malware. Here’s hoping vulnerable organizations have already patched or otherwise addressed this hole and, if not, wishing them good luck this weekend. Atlassian’s advisory is here.

[ad_2]
Source link
Admin

Recent Posts

Super Slot Games Review

Super slots provide the pinnacle of casino gaming with their interactive bonus rounds, captivating graphics,…

4 months ago

The Evolution and Impact of  Nanomedicine

Introduction to Nanomedicine Nanomedicine, a subfield of nanotechnology, involves the application of nanoscale materials and…

4 months ago

Chumba Online Casino Review

Chumba Casino provides an extraordinary online gaming experience. Its sweepstakes model allows players to win…

5 months ago

How to Find the Best Online Casinos to Play For Free

Online casinos provide quick, simple, and highly convenient gambling experiences for their players. Offering a…

5 months ago

How to Achieve a Flawless Complexion with the Right Products

Achieving a flawless complexion is a common skincare goal. With the right face care products, you can enhance…

5 months ago

Creating Ideal Matches: The Mutual Selection of Clients and Businesses

Shared values and goals, transparency, understanding each other's needs, communication, and respecting boundaries are vital…

5 months ago