Novel backdoor persists even after critical Confluence vulnerability is patched
A new backdoor was found this week implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.
The backdoor gives attackers remote access to a victim's Confluence server and other network resources, and is found to persist even after Confluence patches are applied.
Experts at Aon's incident response provider Stroz Friedberg said the backdoor is a novel piece of malware called Effluence.
"The malware is difficult to detect and organizations with Confluence servers are advised to investigate thoroughly, even if a patch was applied," according to the advisory.
In these cases, web shells can only be accessed if the attacker is able to log into Confluence or via an attacker-controlled webpage.
Defenders may find evidence of use by reviewing static Confluence pages and monitoring their response size in relation to the organization's baseline range.
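One way to apply the response-size check described above, as an added example that is not from the advisory or the article: it builds a per-page baseline (median and median absolute deviation) from access-log lines and flags responses far outside it. The log format, paths, sizes and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Common/combined access-log request field: "METHOD path HTTP/x" status bytes
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)')

def parse(lines):
    """Yield (path without query string, response size) for 200 responses."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["status"] != "200" or m["size"] == "-":
            continue
        # Group by bare path so a request carrying unusual parameters is
        # still compared against that page's normal size.
        yield m["path"].split("?", 1)[0], int(m["size"])

def build_baseline(lines, min_samples=5):
    """Return {path: (median size, MAD)} for pages with enough samples."""
    sizes = defaultdict(list)
    for path, size in parse(lines):
        sizes[path].append(size)
    baseline = {}
    for path, vals in sizes.items():
        if len(vals) >= min_samples:
            med = median(vals)
            baseline[path] = (med, median([abs(v - med) for v in vals]))
    return baseline

def find_outliers(lines, baseline, k=5.0, floor=64):
    """Return (path, size, median) where |size - median| > max(k * MAD, floor)."""
    hits = []
    for path, size in parse(lines):
        if path in baseline:
            med, mad = baseline[path]
            if abs(size - med) > max(k * mad, floor):
                hits.append((path, size, med))
    return hits

def _line(path, size, status=200):  # constructed sample log line
    return (f'203.0.113.7 - - [14/Nov/2023:10:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} {size}')

# Constructed data: a known-good period, then the period under review.
BASELINE_LOG = [_line("/login.action", s) for s in (8210, 8214, 8209, 8212, 8211)]
NEW_LOG = [_line("/login.action", 8212), _line("/login.action?x=1", 41877),
           _line("/login.action", 0, 302)]

if __name__ == "__main__":
    for hit in find_outliers(NEW_LOG, build_baseline(BASELINE_LOG)):
        print("size outside baseline:", hit)
```

The baseline has to come from a period known to predate any compromise, otherwise the anomalous sizes become part of the norm.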
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/14/novel_backdoor_persists_confluence/