U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw
2021-09-08 05:12

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system.

"Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Mission Force said in a tweet.

Bad Packets noted on Twitter that it "detected mass scanning and exploit activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S. targeting Atlassian Confluence servers vulnerable to remote code execution."

Atlassian Confluence is a widely popular web-based documentation platform that allows teams to create, collaborate on, and organize different projects, offering a common platform to share information in corporate environments.

The development comes days after the Australian company rolled out security updates on August 25 for an OGNL injection flaw that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.

In the days since the patches were issued, and after a proof-of-concept exploit was publicly released earlier this week, multiple threat actors have seized the opportunity to capitalize on the flaw, mass scanning for vulnerable Confluence servers to ensnare potential victims and install crypto miners.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/WPYoGwOE-5g/us-cyber-command-warns-of-ongoing.html

Related Vulnerability

Date: 2021-08-30
CVE: CVE-2021-26084
Vulnerability title: Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
Attributes: network, low complexity, atlassian, CWE-917
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412