Security News > 2023 > November > Novel backdoor persists even after critical Confluence vulnerability is patched
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.
The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied.
Experts at Aon's incident response provider Stroz Friedberg said the backdoor is a novel piece of malware called Effluence.
"The malware is difficult to detect and organizations with Confluence servers are advised to investigate thoroughly, even if a patch was applied," according to the advisory.
In these cases, web shells can only be accessed if the attacker is able to log into Confluence or via an attacker-controlled webpage.
Defenders may find evidence of use when reviewing static confluence pages, monitoring the response size in relation to the organization's baseline range.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/14/novel_backdoor_persists_confluence/
Related news
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)