Atlassian Confluence is under heavy attack

Patch immediately without any delay, urges Atlassian

Cybersecurity researchers at the US Cyber Command (USCYBERCOM) have urged admins to immediately patch their on-premise Atlassian Confluence collaboration platform, which is at the receiving end of an ongoing attack.

USCYBERCOM put out a public notice on Twitter informing Atlassian users of an active large-scale exploitation campaign that it expects to accelerate.

“Please patch immediately if you haven’t already—this cannot wait until after the weekend,” USCYBERCOM wrote on Twitter.

The flaw, tracked as CVE-2021-26084, enables threat actors to remotely execute arbitrary code on the popular workplace collaboration platform.

Ongoing campaign

Described as “an OGNL injection vulnerability,” the bug exists in the Atlassian Confluence Server and Confluence Data Center products, both of which are vulnerable to unauthenticated remote attackers.

With a high CVSS severity rating of 9.8 out of 10, the vulnerability was first reported on July 27, 2021. However, given its serious nature, Atlassian didn’t publish details about its exploitation mechanism, even after it had issued a patch last month on August 25, 2021.

Reportedly, however, threat actors began exploiting the vulnerability soon after the patch was released. Threat intelligence firm Bad Packets first detected “mass scanning and exploit activity” against the vulnerability from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the US, before Atlassian updated its advisory warning users about the attack.

“This vulnerability is being actively exploited in the wild. Affected servers should be patched immediately,” said Atlassian.

The vulnerability affects Confluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
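
The version ranges above can be turned into a quick inventory triage. The following is an added example, not code from the article or from Atlassian; the hostnames and the inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as listed in the article:
# (inclusive lower bound, exclusive upper bound = first unaffected version of that range).
AFFECTED_RANGES = [
    ((0, 0, 0), (6, 13, 23)),
    ((6, 14, 0), (7, 4, 11)),
    ((7, 5, 0), (7, 11, 6)),
    ((7, 12, 0), (7, 12, 5)),
]

def parse_version(text):
    """Parse 'major.minor[.patch]' (missing patch counts as 0); raise ValueError otherwise."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def affected_range_end(version):
    """Return the upper bound of the affected range containing `version`, or None."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return ".".join(map(str, high))
    return None

def triage(inventory):
    """Map each host to 'affected (...)', 'not in an affected range', or 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            end = affected_range_end(version)
        except ValueError:
            report[host] = "unknown"  # fail closed: check this host by hand
            continue
        report[host] = (f"affected (range ends at {end})" if end
                        else "not in an affected range")
    return report

# Constructed inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "6.13.22",
    "wiki-b.example.internal": "7.4.11",
    "wiki-c.example.internal": "7.12.4",
    "wiki-d.example.internal": "7.x-custom",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:26} {status}")
```

Hosts whose version string cannot be parsed are reported as unknown rather than assumed safe, so they still get a manual check.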

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
