Security News > 2023 > November > Novel backdoor persists even after critical Confluence vulnerability is patched
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.
The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied.
Experts at Aon's incident response provider Stroz Friedberg said the backdoor is a novel piece of malware called Effluence.
"The malware is difficult to detect and organizations with Confluence servers are advised to investigate thoroughly, even if a patch was applied," according to the advisory.
In these cases, web shells can only be accessed if the attacker is able to log into Confluence or via an attacker-controlled webpage.
Defenders may find evidence of use when reviewing static confluence pages, monitoring the response size in relation to the organization's baseline range.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/14/novel_backdoor_persists_confluence/
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)