Cyber Mayhem – Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked


Last week was all about patching severe zero-days in major products, from Atlassian Confluence to Fortinet devices to Microsoft Office, all of which are being actively exploited.

These vulnerabilities are:

  • CVE-2021-26084: a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center
  • CVE-2021-40444: an MSHTML remote code execution vulnerability exploited through Microsoft Office documents
  • CVE-2018-13379: a years-old path traversal flaw in Fortinet SSL VPN firewall devices. The vulnerability has been exploited before and continues to be exploited to this day.

The Confluence of Cryptominers

On August 25th this year, Atlassian released a security advisory on the newly patched OGNL-based remote code execution vulnerability affecting its Confluence Server and Data Center products. Within a week, however, proof-of-concept (PoC) exploits began emerging from different security researchers [1, 2, 3]. Soon enough, adversaries began mass scanning for and actively exploiting this vulnerability.

Shortly afterwards, Jenkins announced that attackers had breached its Confluence server to install crypto-mining malware, and an incident response investigation was started.

“Thus far in our investigation, we have learned that the Confluence CVE-2021-26084 exploit was used to install what we believe was a Monero miner in the container running the service. From there an attacker would not be able to access much of our other infrastructure,” stated Jenkins in a blog post.

As of now, the Jenkins infrastructure team has permanently disabled the Confluence service, rotated credentials, and implemented further protective measures to safeguard the infrastructure.

Meanwhile, research by OSINT firm Censys suggests that over 8,000 internet-facing Confluence servers remain vulnerable around the world. Atlassian customers should refer to the security advisory and upgrade their Confluence Server and Data Center products to fixed versions as soon as possible.

Fortunately, Sonatype's Ops and Information Security teams were proactive and stayed on top of the development. As soon as the security advisory was shared by Atlassian (Read more…)
