Last week was all about patching critical vulnerabilities in major products, from Atlassian Confluence to Fortinet devices to Microsoft Office, all of which are being actively exploited.
These vulnerabilities are:
- CVE-2021-26084: a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center
- CVE-2021-40444: an MSHTML remote code execution vulnerability exploited through malicious Microsoft Office documents
- CVE-2018-13379: a years-old path traversal flaw in Fortinet FortiGate SSL VPN devices. The vulnerability has been exploited in the past and continues to be exploited to this day.
The Confluence of Cryptominers
On August 25th this year, Atlassian published a security advisory on the recently patched OGNL-based remote code execution vulnerability affecting its Confluence Server and Data Center products. Within a week, however, proof-of-concept (PoC) exploits began emerging from different security researchers [1, 2, 3]. Soon enough, adversaries began mass scanning for and actively exploiting this vulnerability.
Shortly afterwards, Jenkins announced that attackers had breached its Confluence server to install crypto-mining malware, and an incident response investigation was started.
“Thus far in our investigation, we have learned that the Confluence CVE-2021-26084 exploit was used to install what we believe was a Monero miner in the container running the service. From there an attacker would not be able to access much of our other infrastructure,” stated Jenkins in a blog post.
As of now, the Jenkins infrastructure team has permanently disabled the Confluence service, rotated credentials, and implemented additional protective measures to safeguard the infrastructure.
However, research by OSINT firm Censys suggests that over 8,000 internet-facing Confluence servers remain vulnerable worldwide. Atlassian customers should refer to its security advisory and upgrade their Confluence Server and Data Center products to fixed versions as soon as possible.
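Since "upgrade to fixed versions" is only actionable once you know which of your instances are still below the patched release on their branch, here is a small version-triage script. This is an added example written for this article, not code from Atlassian, Jenkins or Sonatype. The fixed-version list is the one published in Atlassian's security advisory for CVE-2021-26084 (6.13.23, 7.4.11, 7.11.6, 7.12.5 and 7.13.0); verify it against the advisory before relying on it, and note that the host inventory at the bottom is constructed sample data.

```python
"""Triage Confluence Server / Data Center versions against CVE-2021-26084.

Added example, not code from the article or from Atlassian. Fixed versions
are taken from Atlassian's advisory for CVE-2021-26084; check the advisory
before relying on this list, since it is reproduced here from memory of
the published advisory rather than fetched live.
"""
from typing import Dict, List, Tuple

# First fixed release on each supported branch, per Atlassian's advisory.
# Every branch not listed here (e.g. 7.9.x) never received a fix and must
# be upgraded to one of these branches or to 7.13.0+.
FIXED_VERSIONS = ["6.13.23", "7.4.11", "7.11.6", "7.12.5", "7.13.0"]
FIRST_CLEAN_MAJOR_MINOR = (7, 13, 0)   # everything from 7.13.0 upwards is unaffected


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '7.12.5' into (7, 12, 5).

    Tolerates a trailing build suffix such as '7.4.11-jira8' and pads short
    strings like '7.13' to three components so tuple comparison is sound.
    """
    core = version.strip().split("-")[0]
    parts = [int(p) for p in core.split(".") if p != ""]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_vulnerable(version: str) -> bool:
    """Return True if this Confluence version is still exposed to CVE-2021-26084."""
    v = parse_version(version)
    if v >= FIRST_CLEAN_MAJOR_MINOR:
        return False
    for fixed in FIXED_VERSIONS:
        f = parse_version(fixed)
        if v[:2] == f[:2]:          # same release branch, e.g. 7.12.x
            return v < f            # patched only at or above the fixed patch level
    return True                     # unlisted branch below 7.13.0: no fix was ever shipped


def hosts_to_patch(inventory: Dict[str, str]) -> List[str]:
    """Given {hostname: running_version}, list the hosts that still need upgrading."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory for demonstration; these are not real hosts.
SAMPLE_INVENTORY = {
    "wiki-prod": "7.12.4",      # one patch level short of the 7.12 fix
    "wiki-dev": "7.13.0",       # first fully clean release
    "wiki-legacy": "6.13.22",   # below the 6.13 fix
    "wiki-lts": "7.4.11-jira8", # fixed LTS build with a vendor suffix
    "wiki-old": "7.9.3",        # branch that never got a fix
}

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(f"{host}: Confluence {SAMPLE_INVENTORY[host]} is vulnerable to CVE-2021-26084")
```

In practice the running version can be read from the `ajs-version-number` meta tag that Confluence emits in its page HTML, so the inventory can be built with an authenticated crawl of your own instances rather than typed in by hand; feed those strings to `hosts_to_patch` and upgrade anything it reports.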
Fortunately, Sonatype's Ops and Information Security teams were proactive and stayed on top of the development. As soon as the security advisory was shared by Confluence (Read more…)